Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-06-06 22:32
Updated : 2024-02-04 17:33
NVD link : CVE-2008-2545
Mitre link : CVE-2008-2545
CVE.ORG link : CVE-2008-2545
JSON object : View
Products Affected
skype_technologies
- skype
CWE
CWE-20
Improper Input Validation