Skype, the popular VoIP client and the favoured method of communication for Kasparov, is a little less secure today. This was released as a part of Tipping Point’s Zero Day initiative. This particular vulnerability can potentially lead to a system compromise by a remote attacker.
The vendor has posted an updated version of the client with the fix.
From Secunia:
Description:
A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user’s system.The vulnerability is caused due to an error in the “skype4com” URI handler when processing short string values and can be exploited to corrupt memory.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
The vulnerability is reported in versions prior to 3.6 Gold released on 2007-11-15.
[tags]Skype Vulnerability, Skype URI Handler, Skype, VoIP Security[/tags]