Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110374568916303&w=2 | Issue Tracking Mailing List Third Party Advisory |
http://marc.info/?l=bugtraq&m=110868557905786&w=2 | Issue Tracking Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/12081 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18644 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
07 Feb 2022, 19:45
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=110868557905786&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=110374568916303&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/12081 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18644 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:skype_technologies:skype:1.0.0.1:*:*:*:*:*:*:* |
cpe:2.3:a:skype:skype:1.0.0.1:*:*:*:*:*:*:* cpe:2.3:a:skype:skype:0.92.0.12:*:*:*:*:*:*:* |
CWE | CWE-276 |
Information
Published : 2004-12-22 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2004-1778
Mitre link : CVE-2004-1778
CVE.ORG link : CVE-2004-1778
JSON object : View
Products Affected
skype
- skype
CWE
CWE-276
Incorrect Default Permissions