TITLE:
Skype skype4com URI Handler Heap Corruption Vulnerability
SECUNIA ADVISORY ID:
SA27934
VERIFY ADVISORY:
http://secunia.com/advisories/27934/CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Skype for Windows 1.x
http://secunia.com/product/4250/Skype for Windows 2.x
http://secunia.com/product/7268/Skype for Windows 3.x
http://secunia.com/product/12919/DESCRIPTION:
A vulnerability has been reported in Skype, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to an error in the "skype4com" URI
handler when processing short string values and can be exploited to
corrupt memory.
Successful exploitation allows execution of arbitrary code when a
user e.g. visits a malicious website.
The vulnerability is reported in versions prior to 3.6 Gold released
on 2007-11-15.
SOLUTION:
Update to version 3.6 Gold released on 2007-11-15 or later.