Small Skype Vulnerability

posted by pingywon
Here is a cute little URI I found crashing skype on it’s latest version
(0.98.0.04).
It’s probably a buffer overflow of some sort, so, a special crafted URI could
potentially lead to remote code execution.
(would probably be extremely hard doing it threw a URI, but still an option)

callto://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/

If you really really want this not to happened to you, u should remove the
referring registry entrance to “callto://” in URI’s

Leave a Reply