• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Skype Cross-zone Scripting Vulnerability Found

M

malware

New Member
Joined
Nov 7, 2004
Messages
5,422 (0.76/day)
Location
Bulgaria
System Specs
Processor Intel Core 2 Quad Q6600 G0 VID: 1.2125
Motherboard GIGABYTE GA-P35-DS3P rev.2.0
Cooling Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan
Memory 4x1 GB PQI DDR2 PC2-6400
Video Card(s) Colorful iGame Radeon HD 4890 1 GB GDDR5
Storage 2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0
Display(s) BenQ G2400W 24-inch WideScreen LCD
Case Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered)
Audio Device(s) Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX
Power Supply Chieftec CFT-1000G-DF 1kW
Software Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer
Security researcher Aviv Raff has discovered and demonstrated a flaw within Skype that allows malicious code to execute when the software embeds video into chat. The problem is caused by Skype's web control. The program uses Internet Explorer to render internal and external HTML, but does so using "Local Zone" security settings. Full information on the "Skype cross-zone scripting vulnerability" is posted here. There, you can also watch a proof-of-concept footage of Skype launching Windows' calculator. The bug currently effects Skype v.3.6.0.244, and may be present in older versions of the client as well. At this point, the solution is to avoid running the "Add Video to Chat" Skype feature. Simply having the program installed or using its various other functions will not expose a system to potential infection.

View at TechPowerUp Main Site
 
Triprift

Triprift

Joined
Dec 10, 2007
Messages
7,185 (1.20/day)
Location
Adelaide Australia
System Specs
System Name Becca 2
Processor AMD A10 4600m quad core @ 2.3 ghz
Motherboard dunno
Cooling Logitech alto connect
Memory 16 Gig ddr3 1600mhz
Video Card(s) Ati HD 7660G + & 7470M
Storage 1 TB
Audio Device(s) onboard crap
Software Windows 7 Home Premium 64 bit with sp1
I didnt even no you could add video to chat in skype wow ive only started me day and already ive learnt something new cool.
 
Cold Storm

Cold Storm

Battosai
Joined
Oct 7, 2007
Messages
15,010 (2.49/day)
Location
In a library somewhere on this earth
System Specs
System Name Haro
Processor AMD 1700x
Motherboard AsRork x370 Taichi
Cooling EK Custom Loop - CPU only
Memory 32gb G-Skill Trident Z
Video Card(s) EVGA 1080 Superclock 2
Storage Too Many
Display(s) Viewsonic VX2450WM-LED 24" & LG 32 IPS
Case Cooler Master Cosmos II
Power Supply Cooler Master V1000
Mouse SteelSeries Rival 500
Software Win10 Pro
Benchmark Scores i5 750 4.62ghz pi runs // Evga FTW p55
lol.. yeah i just watched a video a friend made by using skype video... it was goood... lol.. Skype FTW!
 
C

chaimhaas

New Member
Joined
Jan 21, 2008
Messages
1 (0.00/day)
Skype Security Blog

Skype provides a full description on its Security Blog of the vulnerability and the steps that have been taken to address the problem so it doesn't affect users
 
You must log in or register to reply here.
Top