Unrated severityNVD Advisory· Published Feb 5, 2008· Updated Apr 23, 2026

CVE-2008-0582

Description

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.

Affected products

Skype Technologies/Skype5 versions
cpe:2.3:a:skype_technologies:skype:3.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:skype_technologies:skype:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:skype_technologies:skype:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:skype_technologies:skype:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:skype_technologies:skype:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:skype_technologies:skype:3.6.0.244:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/794236nvdUS Government Resource
aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspxnvd
www.securityfocus.com/archive/1/487370/100/0/threadednvd
www.securityfocus.com/bid/27338nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000