Vulnerability Note VU#202604

Skype for Mac contains a format string error in the handling of URI arguments

Overview

Skype for Mac contains a format string vulnerability in the handling of URIs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Skype software provides telephone service over IP networks. There is a format string vulnerability in the NSRunAlertPanel function in the routines that handle Skype-specific URIs, such as skype://.

II. Impact

By sending a specially crafted URI to Skype, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Such a URI can be sent to Skype by convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment). The attacker could also cause Skype to crash.

III. Solution

Apply an update

This vulnerability is addressed in Skype for Mac release 1.5.*.80 or later.
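The class of bug described in section I, shown beside its fix as an added example; this is not Skype's code and not part of the original advisory. `alert_panel` is a hypothetical stand-in for a printf-style alert API such as the message argument of NSRunAlertPanel, and the URI strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style alert API: like the message
 * argument of NSRunAlertPanel, fmt is interpreted as a format string. */
static int alert_panel(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: URI text is the format, so '%' sequences are interpreted. */
int show_uri_vulnerable(char *out, size_t n, const char *uri)
{
    return alert_panel(out, n, uri);
}

/* Hardened pattern: constant format, untrusted text only as an argument. */
int show_uri_safe(char *out, size_t n, const char *uri)
{
    return alert_panel(out, n, "%s", uri);
}

/* Review aid: count '%' conversions in untrusted text ("%%" is an escape). */
size_t count_conversions(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent sign */
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *uri = "skype:user%%name";      /* constructed sample */
    show_uri_vulnerable(buf, sizeof buf, uri);
    printf("vulnerable: %s\n", buf);           /* the "%%" has been rewritten */
    show_uri_safe(buf, sizeof buf, uri);
    printf("safe:       %s\n", buf);           /* displayed byte for byte */
    return 0;
}
```

The sample input uses only the `%%` escape so that the vulnerable path stays well defined while still showing that the URI is being parsed as a format.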
This vulnerability was reported by Tom Ferris of Security-Protocols. This document was written by Will Dormann.
If you have feedback, comments, or additional information about this vulnerability, please send us email.