CVE-2008-0583 - Vulnerability Details - OpenCVE

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Skype Technologies	Skype

Configuration 1 [-]

OR	cpe:2.3:a:skype_technologies:skype:3.5:::::::*
	cpe:2.3:a:skype_technologies:skype:3.6:::::::*
	cpe:2.3:a:skype_technologies:skype:3.6.216:::::::*
	cpe:2.3:a:skype_technologies:skype:3.6.244:::::::*

No data.

References

Link	Providers
http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx
http://skype.com/security/skype-sb-2008-001-update1.htm
http://www.kb.cert.org/vuls/id/794236
http://www.securityfocus.com/bid/27338
https://exchange.xforce.ibmcloud.com/vulnerabilities/39754

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-05T02:00:00

Updated: 2024-08-07T07:54:21.649Z

Reserved: 2008-02-04T00:00:00

Link: CVE-2008-0583

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-02-05T03:00:00.000

Modified: 2024-11-21T00:42:26.377

Link: CVE-2008-0583

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "skype-addvideotochat-code-execution(39754)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"}, {"tags": ["x_refsource_MISC"], "url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"}, {"name": "27338", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27338"}, {"name": "VU#794236", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/794236"}, {"tags": ["x_refsource_MISC"], "url": "http://skype.com/security/skype-sb-2008-001-update1.htm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0583", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "skype-addvideotochat-code-execution(39754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"}, {"name": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx", "refsource": "MISC", "url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"}, {"name": "27338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27338"}, {"name": "VU#794236", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/794236"}, {"name": "http://skype.com/security/skype-sb-2008-001-update1.htm", "refsource": "MISC", "url": "http://skype.com/security/skype-sb-2008-001-update1.htm"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:21.649Z"}, "title": "CVE Program Container", "references": [{"name": "skype-addvideotochat-code-execution(39754)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"}, {"name": "27338", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27338"}, {"name": "VU#794236", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/794236"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://skype.com/security/skype-sb-2008-001-update1.htm"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0583", "datePublished": "2008-02-05T02:00:00", "dateReserved": "2008-02-04T00:00:00", "dateUpdated": "2024-08-07T07:54:21.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:skype_technologies:skype:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D09CC031-8F8F-4BC4-AEFF-4FD98411B272", "vulnerable": true}, {"criteria": "cpe:2.3:a:skype_technologies:skype:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "AD01462B-281F-4299-8D85-3FC6E6D392A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:skype_technologies:skype:3.6.216:*:*:*:*:*:*:*", "matchCriteriaId": "AC06202D-D53C-4BC7-9FB6-0C35B0E6DEF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:skype_technologies:skype:3.6.244:*:*:*:*:*:*:*", "matchCriteriaId": "6E246DFC-5427-496D-9791-FD8B1C408D61", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en zonas cruzadas en el control web de Internet Explorer en Skype 3.6.0.244 y las versiones anteriores 3.5.x y 3.6.x. En Windows permite que atacantes remotos con la intervenci\u00f3n del usuario puedan inyectar secuencias de comandos web o HTMLs de su elecci\u00f3n en la Zona de la M\u00e1quina Local a trav\u00e9s de Description (descripci\u00f3n) y otros campos metadata sin especificar de una pel\u00edcula Metacafe enviada por Metacafe Pro a la galer\u00eda de v\u00eddeo de Skype. Lo hace accesible a trav\u00e9s de una b\u00fasqueda dentro de el di\u00e1logo (1) \"Add video to chat (A\u00f1adir el v\u00eddeo al chat)\" o (2) \"Add video to mood (A\u00f1adir v\u00eddeo al modo)\" , un vector distinto a CVE-2008-0454."}], "id": "CVE-2008-0583", "lastModified": "2024-11-21T00:42:26.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-02-05T03:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"}, {"source": "cve@mitre.org", "url": "http://skype.com/security/skype-sb-2008-001-update1.htm"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/794236"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/27338"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://skype.com/security/skype-sb-2008-001-update1.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/794236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/27338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}