CVE-2008-0582

Name of the Vulnerable Software and Affected Versions Skype versions 3.1 through 3.6.0.244

Description A cross-zone scripting issue allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry. This can be accessed through the SkypeFind dialog and a skype:?skypefind URI for the skype: URI handler.

Recommendations For Skype versions 3.1 through 3.6.0.244, consider restricting access to the SkypeFind dialog and skype:?skypefind URI handler until a fix is available. As a temporary workaround, avoid using the Full Name field in the reviewer of a business item entry to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.