Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Skype security vulnerability

Skype security vulnerability

by Nikola Strahija on May 20th, 2006 The famous VoIP client has been hit by a bug which allows attackers to initiate file downloads without specific user consent.


-An attacker who constructs a Skype URL that is malformed in a specific way can initiate the transfer of a single named file from one Skype user to another, provided that the sender follows the malicious link and that the recipient has previously authorized the
sender, says the Skype advisory on the bug.

The problem seems to be Skype's incorrect parsing of the parameters passed by the URI handler.

Because of its nature, this flaw was given a moderately critical rating and has been already patched by the company. Skype for Windows, all releases prior to and including 2.0.*.104, release 2.5.*.0 to and including 2.5.*.78 are vulnerable.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »