Security-Alerts mailing list archive (email@example.com)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA27934] Skype skype4com URI Handler Heap Corruption Vulnerability
> Skype skype4com URI Handler Heap Corruption Vulnerability
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> System access
> From remote
> Skype for Windows 1.x
> Skype for Windows 2.x
> Skype for Windows 3.x
> A vulnerability has been reported in Skype, which can be exploited by
> malicious people to compromise a user's system.
> The vulnerability is caused due to an error in the "skype4com" URI
> handler when processing short string values and can be exploited to
> corrupt memory.
> Successful exploitation allows execution of arbitrary code when a
> user e.g. visits a malicious website.
> The vulnerability is reported in versions prior to 3.6 Gold released
> on 2007-11-15.
> Update to version 3.6 Gold released on 2007-11-15 or later.
> PROVIDED AND/OR DISCOVERED BY:
> Reported by an anonymous person via ZDI.
> ORIGINAL ADVISORY: