CVE-2008-0582
Last modified
CVE-2008-0582 is a vulnerability of currently unknown severity. Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.. EPSS estimates a 1.21% chance of exploitation in the next 30 days.
Description
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Skype Technologies | Skype | 3.1 |
| Skype Technologies | Skype | 3.2 |
| Skype Technologies | Skype | 3.5 |
| Skype Technologies | Skype | 3.6 |
| Skype Technologies | Skype | 3.6.0.244 |
References
- http://www.kb.cert.org/vuls/id/794236US Government Resource
- http://www.kb.cert.org/vuls/id/794236US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-0582?
How severe is CVE-2008-0582?
How do I fix CVE-2008-0582?
Are you affected by CVE-2008-0582?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST