Skype Update Fixes Security IssueBy Larry Seltzer | Posted 2004-11-15 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Buffer overflow in browser interface could allow a remote attacker to compromise a user's system.
A new release of the Windows version of the Skype VOIP program fixes a bug that could allow a remote attacker to compromise a Skype user's computer.
The new version, 220.127.116.11, can be downloaded from the Skype Web site.
An advisory from Secunia based on the bug report from Skype calls the bug "highly critical." It states that the bug is caused by an error in the handling of command-line arguments. The problem may be induced by a browser link utilizing the "callto:" URI handler, installed by Skype.
Such a link would only function for Skype users, and the problem only affects versions 1.0.*.95 through 1.0.*.98, but successful exploitation could allow an attacker to execute arbitrary code on a user's system.
Check out eWEEK.com's for the latest news, views and analysis on voice over IP and telephony.