1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Skype Cross-zone Scripting Vulnerability Found

Discussion in 'News' started by malware, Jan 20, 2008.

  1. malware New Member

    Joined:
    Nov 7, 2004
    Messages:
    5,476 (1.50/day)
    Thanks Received:
    956
    Location:
    Bulgaria
    Security researcher Aviv Raff has discovered and demonstrated a flaw within Skype that allows malicious code to execute when the software embeds video into chat. The problem is caused by Skype's web control. The program uses Internet Explorer to render internal and external HTML, but does so using "Local Zone" security settings. Full information on the "Skype cross-zone scripting vulnerability" is posted here. There, you can also watch a proof-of-concept footage of Skype launching Windows' calculator. The bug currently effects Skype v.3.6.0.244, and may be present in older versions of the client as well. At this point, the solution is to avoid running the "Add Video to Chat" Skype feature. Simply having the program installed or using its various other functions will not expose a system to potential infection.

    Source: Ars Technica
     
  2. Triprift

    Triprift

    Joined:
    Dec 10, 2007
    Messages:
    7,185 (2.86/day)
    Thanks Received:
    915
    Location:
    Adelaide Australia
    I didnt even no you could add video to chat in skype wow ive only started me day and already ive learnt something new cool.
     
  3. Cold Storm

    Cold Storm Battosai

    Joined:
    Oct 7, 2007
    Messages:
    15,014 (5.83/day)
    Thanks Received:
    2,999
    Location:
    In a library somewhere on this earth
    lol.. yeah i just watched a video a friend made by using skype video... it was goood... lol.. Skype FTW!
     
  4. chaimhaas New Member

    Joined:
    Jan 21, 2008
    Messages:
    1 (0.00/day)
    Thanks Received:
    0
    Skype Security Blog

    Skype provides a full description on its Security Blog of the vulnerability and the steps that have been taken to address the problem so it doesn't affect users
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page