New Skype Patches Critical Flaws

Wednesday, October 26, 2005

New Skype Patches Critical Flaws

You are sending an email that contains the article
and a private message for your recipient(s).

Your Name:

Your e-mail:

* Required!

Recipient (e-mail):

*

Subject:

*

Introductory Message:

HTML/Text
(Photo: Yes/No)

(At the moment, only Text is allowed...)

Message Text:

Skype Technologies are urged to upgrade to the latest version of the Skype Internet telephony client software, due to a number of critical flaws in the software.

According to the advisory released by Skype Technologies, skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://.

In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.

The first of these flaws could be exploited by tricking a Skype user to click on a specially crafted URL, while the second would require a Skype user to import a malicious vCard. vCard is an electronic business card format used by some e-mail programs.

These flaws affect a number of Windows versions of the software ranging between versions 1.1 and 1.4, the statement said.

The latest versions of Skype are listed for download at http://www.skype.com/download.