malware
New Member
- Joined
- Nov 7, 2004
- Messages
- 5,422 (0.72/day)
- Location
- Bulgaria
| Processor | Intel Core 2 Quad Q6600 G0 VID: 1.2125 |
|---|---|
| Motherboard | GIGABYTE GA-P35-DS3P rev.2.0 |
| Cooling | Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan |
| Memory | 4x1 GB PQI DDR2 PC2-6400 |
| Video Card(s) | Colorful iGame Radeon HD 4890 1 GB GDDR5 |
| Storage | 2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0 |
| Display(s) | BenQ G2400W 24-inch WideScreen LCD |
| Case | Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered) |
| Audio Device(s) | Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX |
| Power Supply | Chieftec CFT-1000G-DF 1kW |
| Software | Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer |
Security researcher Aviv Raff has discovered and demonstrated a flaw within Skype that allows malicious code to execute when the software embeds video into chat. The problem is caused by Skype's web control. The program uses Internet Explorer to render internal and external HTML, but does so using "Local Zone" security settings. Full information on the "Skype cross-zone scripting vulnerability" is posted here. There, you can also watch a proof-of-concept footage of Skype launching Windows' calculator. The bug currently effects Skype v.3.6.0.244, and may be present in older versions of the client as well. At this point, the solution is to avoid running the "Add Video to Chat" Skype feature. Simply having the program installed or using its various other functions will not expose a system to potential infection.
View at TechPowerUp Main Site
View at TechPowerUp Main Site
