A vulnerability has been reported in Skype, which can be exploited by malicious people to bypass certain security restrictions and potentially disclose certain sensitive information.
The vulnerability is caused by an error in the parsing of the parameters passed by the URI handler. This can be exploited to inject additional command line switches into the Skype client and initiate the transfer of a file from one Skype user to another via a specially crafted Skype URL, without requiring the sender to explicitly consent to the action.
Successful exploitation requires that the user follows a malicious Skype URL and that the recipient has previously authorised the sender.
The vulnerability has been reported in the following versions of Skype for Windows:
* Release 2.0.*.104 and prior
* Release 2.5.*.0 through 2.5.*.78
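
The following is an added example, not code from the advisory or from Skype: a simplified model of the switch injection described above, showing a handler that pastes the decoded URL into its command line next to one that validates each field first. The `demo:` scheme, `client.exe`, the `/uri:` argument, the user-name pattern and `/hypothetical-switch` are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote

SCHEME = "demo"                      # hypothetical scheme, not Skype's
ALLOWED_ACTIONS = {"call", "chat"}   # hypothetical allow-list of URI actions
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{5,31}")  # assumed user-name grammar


def naive_argv(uri):
    """Flawed pattern: decode the URL, paste it into the command line, and
    let whitespace splitting decide where each argument begins."""
    command_line = "client.exe /uri:" + unquote(uri)
    return command_line.split()


def safe_argv(uri):
    """Split the URL into fields, validate each one, then rebuild the single
    /uri: argument from the validated parts only."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != SCHEME:
        raise ValueError("unexpected scheme")
    target, _, action = rest.partition("?")
    target, action = unquote(target), unquote(action) or "call"
    if not NAME_RE.fullmatch(target):
        raise ValueError("target is not a plain user name")
    if action not in ALLOWED_ACTIONS:
        raise ValueError("action not allowed from a URL")
    return ["client.exe", "/uri:%s:%s?%s" % (SCHEME, target, action)]


def injected_switches(argv):
    """Return every argument other than the single expected /uri: one."""
    return [arg for arg in argv[1:] if not arg.startswith("/uri:")]


# Constructed sample URLs; the switch name is a placeholder.
BENIGN = "demo:echo_user1?call"
CRAFTED = "demo:echo_user1?call%20/hypothetical-switch:value"

if __name__ == "__main__":
    for sample in (BENIGN, CRAFTED):
        print(sample, "->", injected_switches(naive_argv(sample)))
        try:
            print("  safe:", safe_argv(sample))
        except ValueError as err:
            print("  rejected:", err)
```

The same `injected_switches` check can be run over logged process command lines to flag launches where a URL handler received more than its one expected argument.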