Executive Summary

Informations
Name CVE-2008-0583 First vendor Publication 2008-02-04
Vendor Cve Last vendor Modification 2017-08-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0583

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26528
 
Oval ID: oval:org.mitre.oval:def:26528
Title: Cross-zone scripting vulnerability
Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
Family: windows Class: vulnerability
Reference(s): CVE-2008-0583
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows 8.1
 Product(s): Skype
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

Open Source Vulnerability Database (OSVDB)

Id Description
42868 Skype Metacafe Pro Gallery Submitted Movie Multiple Field Cross-zone Scripting

Nessus® Vulnerability Scanner

Date Description
2008-02-07 Name : The remote Skype client is affected by a remote code execution issue through ...
File : skype_2008_001.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/27338
CERT-VN http://www.kb.cert.org/vuls/id/794236
MISC http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailabl...
http://skype.com/security/skype-sb-2008-001-update1.htm
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/39754

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:07:04
  • Multiple Updates
2021-04-22 01:07:30
  • Multiple Updates
2020-05-23 00:21:12
  • Multiple Updates
2017-08-08 09:23:51
  • Multiple Updates
2014-02-17 10:43:38
  • Multiple Updates
2013-05-11 00:08:31
  • Multiple Updates