PT-2004-2678 · Microsoft · Skype
Peter Conrad
·
Publicado
2004-12-22
·
Atualizado
2022-02-07
·
CVE-2004-1778
CVSS v2.0
4.6
Média
| Vetor | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Skype versions 0.92.0.12 through 1.0.0.1
Description
The issue allows local users to modify language files due to world-writable permissions in the /usr/share/skype/lang directory. This could potentially be used for social engineering or other attacks.
Recommendations
For versions 0.92.0.12 through 1.0.0.1, consider changing the permissions of the /usr/share/skype/lang directory to prevent world-writable access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Skype