Skype File URI Security Bypass Code Execution Vulnerability
Skype has released a security bulletin to address a remote vulnerability. This vulnerability is due to an error in the handling of “file:” URIs. By convincing a user to click on a specially crafted “file:” URI, a remote, unauthenticated attacker may be able to execute arbitrary code. Upon clicking, the malicious link execution of arbitrary code on the victim’s machine will be possible.
URI handler in Skype performs checks upon the URL to verify that the link does not contain certain file extensions related to executable file formats. If the link is found to contain a blacklisted executable file extension a security warning dialog is shown to the user. The check is performed using the case sensitive comparison. Another flaw in this check is that the blacklist fails to mention all potential executable file formats. This allows an attacker to bypass this security policy and execute arbitrary code if a victim clicks an attacker supplied URL.
All versions prior to and including 3.8.*.115 of Skype for Windows are vulnerable to this attack. Skype has fixed the vulnerability in version 3.8.0.139
Users should review Skype security bulletin SKYPE-SB/2008-003 and upgrade to Skype version 3.8.0.139. The preferred method for installing security updates is to download the software directly from Skype’s website, from the website of Skype’s authorized partners, or from a reliable mirror site. Skype may also be safely downloaded from other locations, but in this case it is particularly important that you verify the authenticity of the download.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.