Turn off the Ad Banner  

To print: Select File and then Print from your browser's menu.

    -----------------------------------------------
This story was printed from CdrInfo.com,
located at http://www.cdrinfo.com.
-----------------------------------------------

Appeared on: Wednesday, October 26, 2005
New Skype Patches Critical Flaws

Skype Technologies are urged to upgrade to the latest version of the Skype Internet telephony client software, due to a number of critical flaws in the software.

According to the advisory released by Skype Technologies, skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://.

In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.

The first of these flaws could be exploited by tricking a Skype user to click on a specially crafted URL, while the second would require a Skype user to import a malicious vCard. vCard is an electronic business card format used by some e-mail programs.

These flaws affect a number of Windows versions of the software ranging between versions 1.1 and 1.4, the statement said.

The latest versions of Skype are listed for download at http://www.skype.com/download.


Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .