CVE-2004-1778

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-12-2004 06:00

Last modified: - 07-02-2022 08:45

Total changes: - 2

Description

Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.6

Base score

3.9

6.4

Exploitability score

Impact score

Verification logic

vendor=skype AND product=skype AND version=0.92.0.12

vendor=skype AND product=skype AND version=1.0.0.1

Reference

12081-Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
20041222 Permission problem in Skype BETA for linux-Issue Tracking, Mailing List, Third Party Advisory
20050216 Re: Permission problem in Skype BETA for linux-Issue Tracking, Mailing List, Third Party Advisory
skype-lang-insecure-permissions(18644)-Third Party Advisory, VDB Entry

Keywords

CVE-2004-1778

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2004-1778

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures