Skype “callto:” URI Handler Buffer Overflow Vulnerability
- 0
- Add a Comment
- No Related Post
Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: Skype for Windows 1.x
A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error within the handling of command line arguments. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site, which passes an overly long string (more than 4096 bytes) to the “callto:” URI handler.
Successful exploitation may allow execution of arbitrary code.
The vulnerability affects versions 1.0.*.95 through 1.0.*.98.
Solution: Update to version 1.0.0.100.
http://www.skype.com/products/skype/windows/
