CVE-2006-2312

Skype <2.5.78 - Command Injection

Title source: llm

Description

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

References (9)

[Broken Link] http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/20154

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/466428

[Broken Link] http://www.osvdb.org/25658

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/434707/30/4860/threaded

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18038

[Broken Link] http://www.skype.com/security/skype-sb-2006-001.html

[Broken Link, Vendor Advisory] http://www.vupen.com/english/advisories/2006/1871

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26557

Scores

EPSS 0.0438

EPSS Percentile 88.8%

Classification

CWE

CWE-88

Status draft

Affected Products (1)

skype/skype < 2.0.0.105

Timeline

Published May 19, 2006

Tracked Since Feb 18, 2026