NEWS FROM THE LAB - Wednesday, October 26, 2005
 

 
Skype users, time to update your software.
Posted by Jarno @ 07:40 GMT

Yesterday Skype published a security advisory about a heap overflow in the Skype user client. According to another advisory published by EADS/CRC, this vulnerability is remotely exploitable and is not affected by the heap protection used in Windows XP or Linux.

So updating your Skype client is a really good idea.

Vulnerability details from the Skype advisory:

Bulletin title: Heap overflow in networking routine
Bulletin ID: SKYPE-SB/2005-003
CVE references: CVE-2005-3267
Risk assessment: HIGH

The following Skype clients are vulnerable to this attack:

Skype for Windows:
All releases prior to and including 1.4.*.83

Skype for Mac OS X:
All releases prior to and including 1.3.*.16

Skype for Linux:
All releases prior to and including 1.2.*.17

Skype for Pocket PC:
All releases prior to and including 1.1.*.6

Fixed versions:

Skype for Windows:
Release 1.4.*.84 or later

Skype for Mac OS X:
Release 1.3.*.17 or later

Skype for Linux:
Release 1.2.*.18 or later

Skype for Pocket PC:
No patch is yet available. This bulletin will be updated when it
has been made available.