Secunia Advisory: SA30547
Release Date: 2008-06-05
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
Skype for Windows 1.x
Skype for Windows 2.x
Skype for Windows 3.x
Description:
A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an error in the handling of "file:" URIs, which can be exploited to bypass the security warning for blacklisted file extensions, e.g. via a "file:" URI containing upper-case characters in the file extension.
Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into clicking on a specially crafted "file:" URI.
The vulnerability is reported in version 3.8.*.115 and prior.
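The class of flaw described above, as an added example (not Skype's code and not taken from the advisory): a case-sensitive extension blacklist next to a check that canonicalizes the name first. The extension list and function names are constructed for illustration, and the percent-decoding and trailing dot/space handling goes beyond the upper-case case the advisory names.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample list; the advisory does not publish Skype's actual blacklist.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs"}


def needs_warning_case_sensitive(uri: str) -> bool:
    """Flawed check: the extension is compared exactly as written in the URI."""
    path = urlsplit(uri).path
    return posixpath.splitext(path)[1] in BLOCKED_EXTENSIONS


def needs_warning_normalized(uri: str) -> bool:
    """Hardened check: canonicalize the name the way Windows resolves it."""
    # Decode percent-escapes and unify separators before looking at the name.
    path = unquote(urlsplit(uri).path).replace("\\", "/")
    # Win32 path handling drops trailing dots and spaces from a file name.
    name = path.rsplit("/", 1)[-1].rstrip(". ")
    # Windows file names are case-insensitive, so fold case before the lookup.
    ext = posixpath.splitext(name)[1].casefold()
    return ext in BLOCKED_EXTENSIONS


def compare(uris):
    """Return (uri, flawed_result, hardened_result) for each URI."""
    return [(u, needs_warning_case_sensitive(u), needs_warning_normalized(u))
            for u in uris]


# Constructed sample URIs; the paths are placeholders.
SAMPLES = [
    "file:///C:/Users/Public/setup.exe",
    "file:///C:/Users/Public/setup.EXE",
    "file:///C:/Users/Public/setup.%45XE",
    "file:///C:/Users/Public/setup.exe.",
    "file:///C:/Users/Public/notes.txt",
]

if __name__ == "__main__":
    for uri, flawed, hardened in compare(SAMPLES):
        print(f"{uri:40} flawed={flawed!s:5} hardened={hardened}")
```

A blacklist remains fragile even when normalized; an allow-list of extensions that may open without a prompt fails closed for anything unrecognized.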
Solution:
Update to version 3.8.0.139.
Security Bulletin
http://www.skype.com/download/skype/windows/