Skype Technologies: >> Skype >> 3.0.0.154 Security Vulnerabilities
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
CVSS Score
9.3
EPSS Score
0.017
Published
2008-06-06
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
CVSS Score
9.3
EPSS Score
0.017
Published
2008-06-06