CVE-2008-2545

Severity: Unknown | EPSS: 4.23%

CVE-2008-2545 is a vulnerability of currently unknown severity. Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. EPSS estimates a 4.23% chance of exploitation in the next 30 days.

Description

Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
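
The flaw described above, shown as an added example (this is not Skype's code, which the page does not include): a case-sensitive extension check beside a case-folded one. The blocklist contents, function names and sample URIs are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumed blocklist for illustration; the page does not list Skype's actual set.
DANGEROUS_EXTENSIONS = frozenset({".exe", ".bat", ".cmd", ".com", ".scr", ".vbs"})


def _extension(uri: str) -> str:
    """Return the extension of the last path segment of a URI, percent-decoded."""
    path = unquote(urlsplit(uri).path)
    # Windows accepts both separators in file: URIs, so treat them alike.
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return posixpath.splitext(name)[1]


def needs_warning_case_sensitive(uri: str) -> bool:
    """Flawed check: compares the extension exactly as written in the URI."""
    return _extension(uri) in DANGEROUS_EXTENSIONS


def needs_warning_case_folded(uri: str) -> bool:
    """Corrected check: normalise case before comparing, because Windows
    resolves file names and extension handlers case-insensitively."""
    return _extension(uri).casefold() in DANGEROUS_EXTENSIONS


# Constructed sample URIs (not taken from any advisory).
SAMPLES = [
    "file:///C:/Users/alice/Downloads/setup.exe",
    "file:///C:/Users/alice/Downloads/setup.EXE",
    "file:///C:/Users/alice/Downloads/setup.eXe",
    "file:///C:/Users/alice/Documents/notes.txt",
]


def compare(uris):
    """Return (uri, flawed_result, corrected_result) for each URI."""
    return [(u, needs_warning_case_sensitive(u), needs_warning_case_folded(u))
            for u in uris]


if __name__ == "__main__":
    for uri, flawed, corrected in compare(SAMPLES):
        print(f"{uri}: case-sensitive={flawed} case-folded={corrected}")
```

Only the case-folded check flags every variant of the same extension; the case-sensitive one flags only the exact lowercase spelling held in the blocklist.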

Metrics

EPSS Probability: 4.23% (89.8th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor              Product  Versions      Update
Skype Technologies  Skype    <= 3.8.0.115
Skype Technologies  Skype    3.0.0.106     Beta
Skype Technologies  Skype    3.0.0.123     Beta
Skype Technologies  Skype    3.0.0.137     Beta
Skype Technologies  Skype    3.0.0.154     Beta
Skype Technologies  Skype    3.0.0.190
Skype Technologies  Skype    3.0.0.198
Skype Technologies  Skype    3.0.0.205
Skype Technologies  Skype    3.0.0.209
Skype Technologies  Skype    3.0.0.214
Skype Technologies  Skype    3.0.0.216
Skype Technologies  Skype    3.0.0.217
Skype Technologies  Skype    3.0.0.218
Skype Technologies  Skype    3.1.0.112     Beta
Skype Technologies  Skype    3.1.0.134     Beta
Skype Technologies  Skype    3.1.0.144
Skype Technologies  Skype    3.1.0.147
Skype Technologies  Skype    3.1.0.150
Skype Technologies  Skype    3.1.0.152
Skype Technologies  Skype    3.2.0.53      Beta
Skype Technologies  Skype    3.2.0.63      Beta
Skype Technologies  Skype    3.2.0.82      Beta
Skype Technologies  Skype    3.2.0.115     Beta
Skype Technologies  Skype    3.2.0.145
Skype Technologies  Skype    3.2.0.148
Skype Technologies  Skype    3.2.0.152
Skype Technologies  Skype    3.2.0.158
Skype Technologies  Skype    3.2.0.163
Skype Technologies  Skype    3.2.0.175
Skype Technologies  Skype    3.5.0.107     Beta
Skype Technologies  Skype    3.5.0.158     Beta
Skype Technologies  Skype    3.5.0.178     Beta
Skype Technologies  Skype    3.5.0.202
Skype Technologies  Skype    3.5.0.214
Skype Technologies  Skype    3.5.0.229
Skype Technologies  Skype    3.5.0.234
Skype Technologies  Skype    3.5.0.239
Skype Technologies  Skype    3.6.0.127     Beta
Skype Technologies  Skype    3.6.0.159     Beta
Skype Technologies  Skype    3.6.0.216
Skype Technologies  Skype    3.6.0.244
Skype Technologies  Skype    3.6.0.248
Skype Technologies  Skype    3.8.0.96      Beta

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2008-2545?
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
How severe is CVE-2008-2545?
Severity scoring for CVE-2008-2545 is pending analysis. The EPSS model estimates a 4.23% probability of exploitation in the next 30 days.
How do I fix CVE-2008-2545?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST