New Skype Exploit

A new Skype exploit was just found. SKYPE-SB/2006-001, improper handling of URI arguments allows an attacker to initiate file transfers between users.

An attacker who constructs a Skype URL that is malformed in a specific way can initiate the transfer of a single named file from one Skype user to another, provided that the sender follows the malicious link and that the recipient has previously authorized the sender.

The exploit is not a simple one but one nonetheless. There is already an updated version of Skype available, which addresses this issue. If you are a Skype user then it is suggested that you upgrade immediately.

Subscribe, Trackback or Bookmark?

2 Comments on “New Skype Exploit”

Comments

1 anonymous Jan 2nd, 2007, at 19:13

I just felt power from that exploit :o
He tried to HACK ME !!

Trackbacks

2 SinoLogic » Skype es un riesgo para la red y una carga innecesaria Nov 26th, 2006, at 23:39

[…] Según leemos en la revista ITWire, Skype se salta las restricciones de los firewalls, permitiendo que fallos en el código y exploits que afecten a Skype podrían permitir el acceso a redes internas saltándose la seguridad propia de la red, a la vez que, al ser una aplicación P2P (Peer to Peer), permite utilizar el ancho de banda de dicha red aunque no se esté utilizando la aplicación lo que conlleva a un aumento del ancho de banda innecesario que en algunos casos puede ser vital. Tags:Operadoras, redes, seguridad, skype 26-Noviembre-2006 a las 4:31 […]

Write a comment

(required)

(required, but not published)

(optional)

You may use only these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>