New Skype Patches Critical Flaws
Skype Technologies are urged to upgrade to the latest version of the Skype Internet telephony client software, due to a number of critical flaws in the software.
According to the advisory released by Skype Technologies, skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://.
In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.
The first of these flaws could be exploited by tricking a Skype user to click on a specially crafted URL, while the second would require a Skype user to import a malicious vCard. vCard is an electronic business card format used by some e-mail programs.
These flaws affect a number of Windows versions of the software ranging between versions 1.1 and 1.4, the statement said.
The latest versions of Skype are listed for download at http://www.skype.com/download.
In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.
The first of these flaws could be exploited by tricking a Skype user to click on a specially crafted URL, while the second would require a Skype user to import a malicious vCard. vCard is an electronic business card format used by some e-mail programs.
These flaws affect a number of Windows versions of the software ranging between versions 1.1 and 1.4, the statement said.
The latest versions of Skype are listed for download at http://www.skype.com/download.
