Skip to main content

Skype bug may expose users to malicious code

posted onAugust 23, 2011
by l33tdawg

L33tdawg:  If you're coming for HITB2011KUL in October, don't miss Benjamin Kunz's Skype Vulnerabilities: Zero Day Exploitation 2011 talk

The latest version of Skype for Windows contains a security vulnerability that allows attackers to inject potentially dangerous code into a user's phone session, a German security researcher has reported.

The XSS, or cross-site scripting, vulnerability in Skype 5.5.0.113 is the result of the voice-over-IP client failing to inspect user-supplied phone numbers for malicious code, researcher Levent Kayan said. As a result, attackers might be able to exploit the bug to inject commands or scripts that hijack the machine running the program.

“An attacker could for example inject HTML/JavaScript code,” Kayan wrote in an advisory published on Wednesday. “It has not been verified though, if it's possible to hijack cookies or to attack the underlying operating system.” An attacker might also exploit the vulnerability to remotely execute malicious JavaScript files on external websites, he said.

Source

Tags

Skype Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th