QwikSec

Security Database

CVE

CWE

Training

CVE-2008-0582

Published: Feb 5, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx

x_refsource_MISC

vdb-entry

x_refsource_BID

20080131 Attackers can SkypeFind you

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2008-0582 - Security Vulnerability | QwikSec