CVE-2008-2545 (GCVE-0-2008-2545)
Vulnerability from cvelistv5 – Published: 2008-06-06 22:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:29.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2545",
"datePublished": "2008-06-06T22:00:00",
"dateReserved": "2008-06-04T00:00:00",
"dateUpdated": "2024-08-07T09:05:29.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-2545\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-06T22:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.\"},{\"lang\":\"es\",\"value\":\"Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139, utiliza comparaciones sensibles a may\u00fasculas y min\u00fasculas cuando revisa extensiones peligrosas, las cuales permiten a atacantes remotos asistidos por el usuario evitar di\u00e1logos de aviso y posibilita la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo: URI con una extensi\u00f3n peligrosa que utiliza un caso diferente.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.0.115\",\"matchCriteriaId\":\"9AF92A12-1646-4C60-8EF0-EE32FFD0AB65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.106:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"299E4795-0202-42D5-83A9-6CEE9063A556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.123:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8EB8746-D7A3-4393-A765-23B44432F10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.137:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"051A0E63-C02E-4FB4-9A7E-F4AD46782272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.154:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"76F03F89-83E6-4558-8675-83A8CD691D85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.190:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12E90F91-50CB-422D-8535-2B52275484DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.198:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952D150E-46C0-454D-A3D9-7DD19A255366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.205:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78886104-B6C1-4855-97B6-D2F59583DDE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.209:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F77926-096E-4F67-8818-2C089356F328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.214:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE9B5B52-2513-4D8A-A3A7-BDE5F1B7A979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E1FB0E2-E124-45B2-9209-97699BC431E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.217:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D93968CE-9479-4EEE-B972-A6E375F9C0D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.0.0.218:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB65C69E-5B05-4BDC-86F1-9DC0306D6EFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.1.0.112:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"05A80FAC-2E2B-4733-A0C2-B18332274C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.1.0.134:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"881122D2-80E8-4414-AF69-505A0FE22246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.1.0.144:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76299BE8-B49E-4FA9-87DF-835CB0DCEF6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.1.0.147:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC6A6C1-0C22-42C4-A935-A7A87DD87025\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.1.0.150:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DFDCC89-F71C-4D0E-B0E6-1590FE95B8AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.1.0.152:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6818B6E0-8076-41BA-A754-92E3601DD042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.53:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADCD5ECD-1B01-4F68-B2A7-8EB9CCA5B632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.63:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D08B9A-BF09-4903-A322-3E578FB09284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.82:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6938D9C6-8254-4AAF-9332-39088AC1C027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.115:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EF81382-A61A-4A48-9251-FBAA076B7149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.145:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57EA3CE4-F19D-46DD-A3BA-4AAE0B19CC6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.148:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2542EED5-83A3-496C-8A8B-D85A31814AFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.152:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E69AEBB5-0571-4AB8-8DB7-E7C9D98CDC0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.158:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFA1F1F0-D394-40BD-B88C-CA7D095C6130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.163:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61FC737C-EBB2-4B85-8A50-DC12B4C3CFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.2.0.175:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3761EF03-CAA9-4B7B-A4A6-2D9BCF51273D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.107:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"55FAFD26-50E2-426A-8AB4-710592C4DAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.158:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"15CA94B8-692A-4A05-8AA5-AD8C59C73868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.178:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"9191D269-3F5D-4F49-A12C-5E87A545C6E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.202:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1AA43F-6A09-4D8C-A766-7224EDB0D8D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.214:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B285100-B72C-46AD-A765-F051E50508A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.229:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C564D31-1BFE-49B6-9F17-0DD1E6DF75F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.234:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE08B27C-D397-4B16-BD1C-887FEFEFF78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.5.0.239:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AE9DCD-577F-4F91-A193-28E56573D4F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.6.0.127:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FF70951-D17A-48E0-95D7-29F8284E5339\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.6.0.159:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B020197-18F2-44B9-AFE8-7D7759FF8344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.6.0.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC0CF569-D829-4230-BECB-E9EA2BC4F0B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.6.0.244:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95648140-386E-4D8B-BE7E-9542333F0A8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.6.0.248:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD8EA54-6762-4411-9146-82F7D780FAEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype_technologies:skype:3.8.0.96:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7841CC-B54C-4EDC-B17A-A2DD97F01476\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30547\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020201\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.skype.com/security/skype-sb-2008-003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1749/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43044\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.skype.com/security/skype-sb-2008-003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1749/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…