Skype update plugs critical bug

On the QT

Mon 10 Dec 2007 // 11:57 UTC

Users running older versions of Skype risk attack from a newly disclosed vulnerability.

A boundary error involving the Skype4COM URI handler creates a buffer overflow risk. This, in turn, provides a means for hackers to attack users running vulnerable versions of Skype who visit maliciously-constructed websites.

The vulnerability is confirmed in Skype 3.5.0.239. Other versions of the popular VoIP package prior to 3.6.0.216 may also be affected.

Details of the flaw were reportedly submitted to Skype in early November. Skype released an update in mid-November that touted higher video quality. It also fixed the security bug, a point Skype itself neglected to mention. Information on the vulnerability only emerged following an advisory from security tools vendor Tipping Point late last week. ®

More about

COMMENTS

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Channel

Skype update plugs critical bug

On the QT

More about

TIP US OFF

Other stories you might like

Software glitch saw Aussie casino give away millions in cash

HPE sues China's Inspur Group over server patents

Hugely expanded Section 702 surveillance powers set for US Senate vote

Protecting distributed branch office environments from ransomware

Snowmobile, Amazon's truck-powered migration service, reaches the end of the road

Uncle Sam earmarks $54M of CHIPS funding for small-biz semiconductor boffinry

Psst, hey. It's the NSA. You want some AI security advice?

America may end up with paid-for 5G fast lanes under net neutrality anyway

ASML ships another high NA EUV lithography machine to mystery client

Kremlin's Sandworm blamed for cyberattacks on US, European water utilities

Boston Dynamics' humanoid Atlas is dead, long live the ... new commercial Atlas

Are we in a cost of technology crisis? Our vultures think so

About Us

Our Websites

Your Privacy