CVE-2006-2312

Name of the Vulnerable Software and Affected Versions Skype versions 2.0..104 through 2.5..78

Description The issue is an argument injection vulnerability in the URI handler that allows remote authorized attackers to download arbitrary files via a crafted URL. This can lead to unauthorized information disclosure when a malicious user sends a crafted URL to a targeted user, resulting in a loss of confidentiality.

Recommendations For Skype versions 2.0..104 through 2.5..78, avoid using the URI handler until a patch is available. As a temporary workaround, consider restricting access to the URI handler to minimize the risk of exploitation.