Skype gets patches for high-risk security flaws

By Derek Sooman on October 25, 2005, 7:00 PM
Skype Technologies S.A., has warned that its popular Skype voice chat application could be in danger of risk of computer takeover attacks, warning in two separate advisories that vulnerabilities found could lead to system access or denial-of-service attacks.

Security alerts aggregator Secunia Inc. rates the risk from the flaws as "highly critical" and urged users to apply the appropriate patches immediately.

The more serious of the two bugs is a boundary error that exists when Skype-specific URI types like "callto://" and "skype://" are handled by the application.

This can be exploited to cause a buffer overflow and allows arbitrary code execution, according to an alert posted on the Skype Security Center.

The effected versions of the software include Skype for Windows Releases 1.1.*.0 through 1.4.*.83.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.