Skype has posted on their blog about a vulnerability in all versions of Skype for Windows prior to 3.6.x.216. A fix for this vulnerability was released on November 15 however they, “failed to bring the case to the public’s attention.”

The flaw exists within the skype4com URI handler component of Skype. An exploitable memory corruption may occur during the parsing of URIs which can result in arbitrary code execution under the user rights of the current Windows account.

Skype is urging all Skype users to upgrade their copy of Skype and to only run the latest version of Skype to prevent falling pray to this and other vulnerabilities.

[Vulnerability in Skype for Windows versions older than 3.6.x.216]

[tags]antivirus, antivirus software, anti virus, anti virus software[/tags]