cvelistv5 - cve-2006-2312

CVE-2006-2312 (GCVE-0-2006-2312)

Vulnerability from cvelistv5 – Published: 2006-05-19 21:00 – Updated: 2024-08-07 17:43

Summary

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/18038	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/466428	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2006/1871	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/434707/30/…	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/25658	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/20154	third-party-advisoryx_refsource_SECUNIA
	http://www.skype.com/security/skype-sb-2006-001.html	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:29.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060521 Skype - URI Handler Command Switch Parsing",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
          },
          {
            "name": "18038",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18038"
          },
          {
            "name": "VU#466428",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/466428"
          },
          {
            "name": "ADV-2006-1871",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1871"
          },
          {
            "name": "skype-uri-handler-file-access(26557)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
          },
          {
            "name": "20060521 Skype - URI Handler Command Switch Parsing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
          },
          {
            "name": "25658",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25658"
          },
          {
            "name": "20154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20154"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.skype.com/security/skype-sb-2006-001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060521 Skype - URI Handler Command Switch Parsing",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
        },
        {
          "name": "18038",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18038"
        },
        {
          "name": "VU#466428",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/466428"
        },
        {
          "name": "ADV-2006-1871",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1871"
        },
        {
          "name": "skype-uri-handler-file-access(26557)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
        },
        {
          "name": "20060521 Skype - URI Handler Command Switch Parsing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
        },
        {
          "name": "25658",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25658"
        },
        {
          "name": "20154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20154"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.skype.com/security/skype-sb-2006-001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2312",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060521 Skype - URI Handler Command Switch Parsing",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
            },
            {
              "name": "18038",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18038"
            },
            {
              "name": "VU#466428",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/466428"
            },
            {
              "name": "ADV-2006-1871",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1871"
            },
            {
              "name": "skype-uri-handler-file-access(26557)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
            },
            {
              "name": "20060521 Skype - URI Handler Command Switch Parsing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
            },
            {
              "name": "25658",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25658"
            },
            {
              "name": "20154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20154"
            },
            {
              "name": "http://www.skype.com/security/skype-sb-2006-001.html",
              "refsource": "CONFIRM",
              "url": "http://www.skype.com/security/skype-sb-2006-001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2312",
    "datePublished": "2006-05-19T21:00:00",
    "dateReserved": "2006-05-11T00:00:00",
    "dateUpdated": "2024-08-07T17:43:29.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.0.105\", \"matchCriteriaId\": \"6A0E061A-71C1-433B-AB31-6E2F67F91613\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5.0.0\", \"versionEndExcluding\": \"2.5.0.79\", \"matchCriteriaId\": \"45A2F435-8951-44FC-A081-67B385A36727\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.\"}]",
      "evaluatorSolution": "Update to the fixed versions.",
      "id": "CVE-2006-2312",
      "lastModified": "2024-11-21T00:11:02.333",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-05-19T21:02:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/20154\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/466428\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/25658\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/434707/30/4860/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/18038\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.skype.com/security/skype-sb-2006-001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1871\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26557\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/20154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/466428\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/25658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/434707/30/4860/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/18038\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.skype.com/security/skype-sb-2006-001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26557\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-88\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2312\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-19T21:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.0.105\",\"matchCriteriaId\":\"6A0E061A-71C1-433B-AB31-6E2F67F91613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0.0\",\"versionEndExcluding\":\"2.5.0.79\",\"matchCriteriaId\":\"45A2F435-8951-44FC-A081-67B385A36727\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/20154\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/466428\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/25658\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/434707/30/4860/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/18038\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.skype.com/security/skype-sb-2006-001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1871\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26557\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/20154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/466428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/25658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/434707/30/4860/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/18038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.skype.com/security/skype-sb-2006-001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26557\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}],\"evaluatorSolution\":\"Update to the fixed versions.\"}}"
  }
}

FKIE_CVE-2006-2312

Vulnerability from fkie_nvd - Published: 2006-05-19 21:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html	Broken Link
cve@mitre.org	http://secunia.com/advisories/20154	Broken Link, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/466428	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.osvdb.org/25658	Broken Link
cve@mitre.org	http://www.securityfocus.com/archive/1/434707/30/4860/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/18038	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.skype.com/security/skype-sb-2006-001.html	Broken Link
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1871	Broken Link, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26557	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20154	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/466428	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25658	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/434707/30/4860/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18038	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.skype.com/security/skype-sb-2006-001.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1871	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26557	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
skype	skype	*
skype	skype	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0E061A-71C1-433B-AB31-6E2F67F91613",
              "versionEndExcluding": "2.0.0.105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A2F435-8951-44FC-A081-67B385A36727",
              "versionEndExcluding": "2.5.0.79",
              "versionStartIncluding": "2.5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
    }
  ],
  "evaluatorSolution": "Update to the fixed versions.",
  "id": "CVE-2006-2312",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-05-19T21:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20154"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/466428"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/25658"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/18038"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.skype.com/security/skype-sb-2006-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1871"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/466428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/25658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/18038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.skype.com/security/skype-sb-2006-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-209

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans Skype, pour certaines versions fonctionnant sous Microsoft Windows. Elle permet à un utilisateur distant malveillant de transférer des fichiers sans le consentement préalable de la personne qui aurait décidé d'utiliser Skype sur la machine ciblée.

Description

Une vulnérabilité a été identifiée dans Skype, pour certaines versions fonctionnant sous Microsoft Windows. Elle concerne le traitement des paramètres liés à l'analyse des adresses réticulaires (ou URI pour Uniform Resource Identifier). Une personne utilisant Skype peut se faire dérober des informations par un utilisateur distant : celui-ci doit contruire une adresse réticulaire malveillante exploitant la vulnérabilité précédente. Si l'utilisateur clique dessus, cela démarre l'envoi de fichiers depuis sa machine et à son insu. Cette attaque implique néanmoins que les deux parties soient préalablement d'accord pour communiquer (donc une fois la phase d'autorisation établie).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La vulnérabilité concerne les versions Skype fonctionnant sous Microsoft Windows. Les versions impactées sont :

la version 2.0.*.104 et celles antérieures ;
la verson 2.5.*.78 et celles antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour de Skype	None	vendor-advisory
Mise à jour fournie par l'éditeur Skype :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLa vuln\u00e9rabilit\u00e9 concerne les versions Skype fonctionnant sous  Microsoft Windows. Les versions impact\u00e9es sont :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003ela version 2.0.*.104 et celles ant\u00e9rieures ;\u003c/LI\u003e    \u003cLI\u003ela verson 2.5.*.78 et celles ant\u00e9rieures.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Skype, pour certaines versions\nfonctionnant sous Microsoft Windows. Elle concerne le traitement des\nparam\u00e8tres li\u00e9s \u00e0 l\u0027analyse des adresses r\u00e9ticulaires (ou URI pour\nUniform Resource Identifier). Une personne utilisant Skype peut se faire\nd\u00e9rober des informations par un utilisateur distant : celui-ci doit\ncontruire une adresse r\u00e9ticulaire malveillante exploitant la\nvuln\u00e9rabilit\u00e9 pr\u00e9c\u00e9dente. Si l\u0027utilisateur clique dessus, cela d\u00e9marre\nl\u0027envoi de fichiers depuis sa machine et \u00e0 son insu. Cette attaque\nimplique n\u00e9anmoins que les deux parties soient pr\u00e9alablement d\u0027accord\npour communiquer (donc une fois la phase d\u0027autorisation \u00e9tablie).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2312"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour fournie par l\u0027\u00e9diteur Skype :",
      "url": "http://www.skype.com/download/skype/windows/"
    }
  ],
  "reference": "CERTA-2006-AVI-209",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Skype, pour certaines versions\nfonctionnant sous Microsoft Windows. Elle permet \u00e0 un utilisateur\ndistant malveillant de transf\u00e9rer des fichiers sans le consentement\npr\u00e9alable de la personne qui aurait d\u00e9cid\u00e9 d\u0027utiliser Skype sur la\nmachine cibl\u00e9e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Skype pour Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour de Skype",
      "url": null
    }
  ]
}

CERTA-2006-AVI-209

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La vulnérabilité concerne les versions Skype fonctionnant sous Microsoft Windows. Les versions impactées sont :

la version 2.0.*.104 et celles antérieures ;
la verson 2.5.*.78 et celles antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour de Skype	None	vendor-advisory
Mise à jour fournie par l'éditeur Skype :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLa vuln\u00e9rabilit\u00e9 concerne les versions Skype fonctionnant sous  Microsoft Windows. Les versions impact\u00e9es sont :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003ela version 2.0.*.104 et celles ant\u00e9rieures ;\u003c/LI\u003e    \u003cLI\u003ela verson 2.5.*.78 et celles ant\u00e9rieures.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Skype, pour certaines versions\nfonctionnant sous Microsoft Windows. Elle concerne le traitement des\nparam\u00e8tres li\u00e9s \u00e0 l\u0027analyse des adresses r\u00e9ticulaires (ou URI pour\nUniform Resource Identifier). Une personne utilisant Skype peut se faire\nd\u00e9rober des informations par un utilisateur distant : celui-ci doit\ncontruire une adresse r\u00e9ticulaire malveillante exploitant la\nvuln\u00e9rabilit\u00e9 pr\u00e9c\u00e9dente. Si l\u0027utilisateur clique dessus, cela d\u00e9marre\nl\u0027envoi de fichiers depuis sa machine et \u00e0 son insu. Cette attaque\nimplique n\u00e9anmoins que les deux parties soient pr\u00e9alablement d\u0027accord\npour communiquer (donc une fois la phase d\u0027autorisation \u00e9tablie).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2312"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour fournie par l\u0027\u00e9diteur Skype :",
      "url": "http://www.skype.com/download/skype/windows/"
    }
  ],
  "reference": "CERTA-2006-AVI-209",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Skype, pour certaines versions\nfonctionnant sous Microsoft Windows. Elle permet \u00e0 un utilisateur\ndistant malveillant de transf\u00e9rer des fichiers sans le consentement\npr\u00e9alable de la personne qui aurait d\u00e9cid\u00e9 d\u0027utiliser Skype sur la\nmachine cibl\u00e9e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Skype pour Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour de Skype",
      "url": null
    }
  ]
}

GHSA-2MCC-MPMM-5889

Vulnerability from github – Published: 2022-05-01 06:57 – Updated: 2022-05-01 06:57

Details

Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-88",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-19T21:02:00Z",
    "severity": "LOW"
  },
  "details": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.",
  "id": "GHSA-2mcc-mpmm-5889",
  "modified": "2022-05-01T06:57:48Z",
  "published": "2022-05-01T06:57:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2312"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20154"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/466428"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25658"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18038"
    },
    {
      "type": "WEB",
      "url": "http://www.skype.com/security/skype-sb-2006-001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1871"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-2312

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2312

Aliases

CVE-2006-2312

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2312",
    "description": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.",
    "id": "GSD-2006-2312"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2312"
      ],
      "details": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.",
      "id": "GSD-2006-2312",
      "modified": "2023-12-13T01:19:53.333430Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2312",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20060521 Skype - URI Handler Command Switch Parsing",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
          },
          {
            "name": "18038",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18038"
          },
          {
            "name": "VU#466428",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/466428"
          },
          {
            "name": "ADV-2006-1871",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1871"
          },
          {
            "name": "skype-uri-handler-file-access(26557)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
          },
          {
            "name": "20060521 Skype - URI Handler Command Switch Parsing",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
          },
          {
            "name": "25658",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25658"
          },
          {
            "name": "20154",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20154"
          },
          {
            "name": "http://www.skype.com/security/skype-sb-2006-001.html",
            "refsource": "CONFIRM",
            "url": "http://www.skype.com/security/skype-sb-2006-001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6A0E061A-71C1-433B-AB31-6E2F67F91613",
                    "versionEndExcluding": "2.0.0.105",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "45A2F435-8951-44FC-A081-67B385A36727",
                    "versionEndExcluding": "2.5.0.79",
                    "versionStartIncluding": "2.5.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
          }
        ],
        "evaluatorSolution": "Update to the fixed versions.",
        "id": "CVE-2006-2312",
        "lastModified": "2024-02-13T17:47:48.567",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 4.9,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ]
        },
        "published": "2006-05-19T21:02:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/20154"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.kb.cert.org/vuls/id/466428"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.osvdb.org/25658"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/18038"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.skype.com/security/skype-sb-2006-001.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1871"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-88"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2312 (GCVE-0-2006-2312)

FKIE_CVE-2006-2312

CERTA-2006-AVI-209

Description

Solution

CERTA-2006-AVI-209

Description

Solution

GHSA-2MCC-MPMM-5889

GSD-2006-2312

Tags

Sightings

Nomenclature