Skype File URI Code Execution Vulnerability

Report ID: SA30547
Source: Secunia
Date of Discovery: 05.06.2008
Criticality: Moderate
Affects:
Skype for Windows 1.x
Skype for Windows 2.x
Skype for Windows 3.x

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system.

Detailed Description

The vulnerability is caused by an error in the handling of "file:" URIs, which can be exploited to bypass the security warning for blacklisted file extensions, e.g. via a "file:" URI containing upper case characters in the file extension.

Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into clicking on a specially crafted "file:" URI.

The vulnerability is reported in version 3.8.*.115 and prior.
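
The class of flaw described above, a case-sensitive extension blacklist, shown next to a check that normalises the URI before comparing. This is an added example, not Skype's code: the blacklist entries, function names and sample URIs are constructed for illustration, and the hardened check goes beyond the advisory by also handling percent-encoding and the trailing dots and spaces that Windows strips from file names.

```python
from urllib.parse import urlsplit, unquote
import ntpath

# Constructed sample blacklist; the advisory does not list Skype's actual entries.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".pif", ".scr", ".vbs"}


def naive_needs_warning(uri: str) -> bool:
    """Flawed check: compares the raw URI suffix case-sensitively."""
    return any(uri.endswith(ext) for ext in BLOCKED_EXTENSIONS)


def extension_of(uri: str) -> str:
    """Return the extension as Windows would resolve it, case-folded."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "file":
        raise ValueError("not a file: URI")
    path = unquote(parts.path)                    # decode %45-style escapes first
    name = ntpath.basename(path.replace("/", "\\"))
    name = name.rstrip(". ")                      # Windows drops trailing dots/spaces
    return ntpath.splitext(name)[1].casefold()


def hardened_needs_warning(uri: str) -> bool:
    """Normalise the file name, then compare against the blacklist."""
    return extension_of(uri) in BLOCKED_EXTENSIONS


# Constructed sample URIs (hypothetical paths).
SAMPLES = [
    "file:///C:/Users/Public/tool.exe",
    "file:///C:/Users/Public/tool.EXE",
    "file:///C:/Users/Public/tool.%45xe",
    "file:///C:/Users/Public/tool.exe.",
    "file:///C:/Users/Public/notes.txt",
]


def compare(uris):
    """Return (uri, naive_result, hardened_result) for each URI."""
    return [(u, naive_needs_warning(u), hardened_needs_warning(u)) for u in uris]


if __name__ == "__main__":
    for uri, naive, hardened in compare(SAMPLES):
        print(f"{uri:45} naive={naive!s:5} hardened={hardened}")
```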

Solution

Original Reference

-

CVE Reference

CVE-2008-1805