Tuesday, October 21, 2014
Search
  
Wednesday, October 26, 2005
 New Skype Patches Critical Flaws
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail: * Required!
Recipient (e-mail): *
Subject: *
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
 
Message Text: Skype Technologies are urged to upgrade to the latest version of the Skype Internet telephony client software, due to a number of critical flaws in the software.

According to the advisory released by Skype Technologies, skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://.

In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.

The first of these flaws could be exploited by tricking a Skype user to click on a specially crafted URL, while the second would require a Skype user to import a malicious vCard. vCard is an electronic business card format used by some e-mail programs.

These flaws affect a number of Windows versions of the software ranging between versions 1.1 and 1.4, the statement said.

The latest versions of Skype are listed for download at http://www.skype.com/download.
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .