10/25/2005

Skype Highly Critical Vulnerabilities Discovered (And Fixed)

By Aviran Mordo @ 9:47 am

Some vulnerabilities have been reported in Skype, which can be exploited by malicious people to cause a DoS or to compromise a user’s system.

The security bug in the Skype for Windows user client has been identified and fixed.

Skype can be made to execute arbitrary code through a buffer overflow when it handles malformed URLs in the Skype-specific URI types callto:// and skype://.

In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.

Another flaw that was fixed could allow Skype to be remotely forced to crash due to an error in bounds checking in a specific networking routine.

Security company Secunia rated these problems as Highly critical.

The following Skype clients are vulnerable to these flaws:

Skype for Windows:
All releases prior to and including 1.4.*.83

Skype for Mac OS X:
All releases prior to and including 1.3.*.16

Skype for Linux:
All releases prior to and including 1.2.*.17

Skype for Pocket PC:
All releases prior to and including 1.1.*.6

Skype has released fixes for these vulnerabilities and advises people to download the latest version.

 
