CVE-2008-2545

  • Last update: Apr 13, 2023

Description

Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.

Software From Fixed in
skype_technologies / skype 3.2.0.148 3.2.0.148.x
skype_technologies / skype 3.5.0.229 3.5.0.229.x
skype_technologies / skype 3.0.0.198 3.0.0.198.x
skype_technologies / skype 3.6.0.244 3.6.0.244.x
skype_technologies / skype 3.5.0.234 3.5.0.234.x
skype_technologies / skype 3.0.0.214 3.0.0.214.x
skype_technologies / skype 3.2.0.145 3.2.0.145.x
skype_technologies / skype 3.1.0.144 3.1.0.144.x
skype_technologies / skype 3.2.0.82-beta 3.2.0.82-beta.x
skype_technologies / skype 3.5.0.178-beta 3.5.0.178-beta.x
skype_technologies / skype 3.1.0.147 3.1.0.147.x
skype_technologies / skype 3.5.0.214 3.5.0.214.x
skype_technologies / skype 3.1.0.112-beta 3.1.0.112-beta.x
skype_technologies / skype 3.0.0.217 3.0.0.217.x
skype_technologies / skype 3.2.0.115-beta 3.2.0.115-beta.x
skype_technologies / skype 3.2.0.63-beta 3.2.0.63-beta.x
skype_technologies / skype 3.5.0.158-beta 3.5.0.158-beta.x
skype_technologies / skype 3.8.0.96-beta 3.8.0.96-beta.x
skype_technologies / skype 3.0.0.106-beta 3.0.0.106-beta.x
skype_technologies / skype 3.0.0.205 3.0.0.205.x
skype_technologies / skype 3.0.0.216 3.0.0.216.x
skype_technologies / skype 3.0.0.209 3.0.0.209.x
skype_technologies / skype 3.2.0.53-beta 3.2.0.53-beta.x
skype_technologies / skype 3.5.0.107-beta 3.5.0.107-beta.x
skype_technologies / skype 3.6.0.248 3.6.0.248.x
skype_technologies / skype 3.6.0.127-beta 3.6.0.127-beta.x
skype_technologies / skype 3.2.0.158 3.2.0.158.x
skype_technologies / skype 3.6.0.216 3.6.0.216.x
skype_technologies / skype 3.0.0.190 3.0.0.190.x
skype_technologies / skype 3.2.0.163 3.2.0.163.x
skype_technologies / skype 3.0.0.154-beta 3.0.0.154-beta.x
skype_technologies / skype 3.5.0.239 3.5.0.239.x
skype_technologies / skype 3.2.0.152 3.2.0.152.x
skype_technologies / skype 3.6.0.159-beta 3.6.0.159-beta.x
skype_technologies / skype - 3.8.0.115.x
skype_technologies / skype 3.1.0.152 3.1.0.152.x
skype_technologies / skype 3.0.0.137-beta 3.0.0.137-beta.x
skype_technologies / skype 3.1.0.134-beta 3.1.0.134-beta.x
skype_technologies / skype 3.0.0.218 3.0.0.218.x
skype_technologies / skype 3.2.0.175 3.2.0.175.x
skype_technologies / skype 3.0.0.123-beta 3.0.0.123-beta.x
skype_technologies / skype 3.5.0.202 3.5.0.202.x
skype_technologies / skype 3.1.0.150 3.1.0.150.x

Details

    • Severity: High
  • CVE: CVE-2008-2545
  • Published: Jun 7, 2008
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v2

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs