CVE-2006-2312
CVE-2006-2312 is a low-severity vulnerability in Skype with a CVSS 2.0 base score of 2.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-88.
Key facts
- Severity: Low (CVSS 2.0 base score 2.6)
- EPSS exploit prediction: 4% (90th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-88
- Affected product: Skype
- Published:
- Last modified:
Description
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
Frequently asked questions
- What is CVE-2006-2312?
- Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
- How severe is CVE-2006-2312?
- CVE-2006-2312 has a CVSS 2.0 base score of 2.6, rated low severity.
- Is CVE-2006-2312 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (90th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-2312?
- CVE-2006-2312 affects Skype. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2006-2312?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2006-2312 published?
- CVE-2006-2312 was published on 2006-05-19 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html
- http://secunia.com/advisories/20154
- http://www.kb.cert.org/vuls/id/466428
- http://www.osvdb.org/25658
- http://www.securityfocus.com/archive/1/434707/30/4860/threaded
- http://www.securityfocus.com/bid/18038
- http://www.skype.com/security/skype-sb-2006-001.html
- http://www.vupen.com/english/advisories/2006/1871
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26557
Affected products (1)
- cpe:2.3:a:skype:skype:*:*:*:*:*:*:*:*
More vulnerabilities in Skype
- CVE-2009-4741 — Critical (CVSS 10.0): Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact…
- CVE-2010-3136 — Critical (CVSS 9.3): Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers,…
- CVE-2024-21411 — High (CVSS 8.8): Skype for Consumer Remote Code Execution Vulnerability
- CVE-2011-2074 — High (CVSS 8.5): Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to…
- CVE-2004-1778 — Medium (CVSS 4.6): Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with…
Other CWE-88 (Argument Injection) vulnerabilities
- CVE-2026-57572 — Critical (CVSS 10.0): Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted…
- CVE-2026-40281 — Critical (CVSS 10.0): Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint…
- CVE-2023-6269 — Critical (CVSS 10.0): An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify…
- CVE-2007-0882 — Critical (CVSS 10.0): Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11)…
- CVE-2004-0480 — Critical (CVSS 10.0): Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via…
- CVE-1999-0113 — Critical (CVSS 10.0): Some implementations of rlogin allow root access if given a -froot parameter.