PT-2008-2209 · Microsoft · Skype

Published 2008-02-04 · Updated 2017-08-08 · CVE-2008-0583

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Skype versions 3.5.x and earlier, Skype versions 3.6.0 through 3.6.0.244

Description

A cross-zone scripting issue allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone. This can be achieved through the Description and other metadata fields of a Metacafe movie submitted to the Skype video gallery. The vulnerability can be accessed via the "Add video to chat" or "Add video to mood" dialog.

Recommendations

For Skype versions 3.5.x and earlier, and Skype versions 3.6.0 through 3.6.0.244, consider disabling access to the Skype video gallery until a patch is available. Restrict the use of the "Add video to chat" and "Add video to mood" dialogs to minimize the risk of exploitation. Avoid using the Description field in Metacafe movie submissions to the Skype video gallery until the issue is resolved.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2008-0583

Affected Products

Skype