Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA27934] Skype skype4com URI Handler Heap Corruption Vulnerability
>
> TITLE:
> Skype skype4com URI Handler Heap Corruption Vulnerability
>
> SECUNIA ADVISORY ID:
> SA27934
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27934/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Skype for Windows 1.x
> http://secunia.com/product/4250/
> Skype for Windows 2.x
> http://secunia.com/product/7268/
> Skype for Windows 3.x
> http://secunia.com/product/12919/
>
> DESCRIPTION:
> A vulnerability has been reported in Skype, which can be exploited by
> malicious people to compromise a user's system.
>
> The vulnerability is caused due to an error in the "skype4com" URI
> handler when processing short string values and can be exploited to
> corrupt memory.
>
> Successful exploitation allows execution of arbitrary code when a
> user e.g. visits a malicious website.
>
> The vulnerability is reported in versions prior to 3.6 Gold released
> on 2007-11-15.
>
> SOLUTION:
> Update to version 3.6 Gold released on 2007-11-15 or later.
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by an anonymous person via ZDI.
>
> ORIGINAL ADVISORY:
> ZDI:
> http://www.zerodayinitiative.com/advisories/ZDI-07-070.html
>
|
