Описание
Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
Ссылки
- Broken Link
- Broken LinkVendor Advisory
- Third Party AdvisoryUS Government Resource
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Broken LinkVendor Advisory
- Third Party AdvisoryUS Government Resource
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.0.105 (исключая)Версия от 2.5.0.0 (включая) до 2.5.0.79 (исключая)
Одновременно
Одно из
cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*
cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04379
Низкий
2.6 Low
CVSS2
Дефекты
CWE-88
Связанные уязвимости
github
почти 4 года назад
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
EPSS
Процентиль: 89%
0.04379
Низкий
2.6 Low
CVSS2
Дефекты
CWE-88