Skype bug lets 'buddies' swipe files | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
Solution Brief: Reduce Energy Costs
With Green IT Solutions
Server Consolidation and Containment
With Virtual Infrastructure
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Enabling the Data Center Metamorphosis
From Fixed To Fluid
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands

The Register » Security » Enterprise Security »

Skype bug lets 'buddies' swipe files

A Windows special

By John Leyden → More by this author

Published Wednesday 24th May 2006 17:07 GMT

How IT Management Can "Green" the Data Center - Free Download

Skype has warned of a flaw in its popular VoIP client software that creates a means for hackers to swipe files from their "buddies". The flaw can be exploited via a malicious constructed Skype URL which initiates the transfer of a single named file to another Skype user.

The security bug stems from an error within the parsing of the parameters passed by the URL handler. This flaw creates a means for hackers to inject commands within a maliciously crafted Skype URL that initiates transfer of a file from one Skype user without requiring the sender to explicitly consent to the action. However, this only works if a trust relationship already exists between the two parties, drastically restricting the scope for mischief.

The bug, which is not easy to exploit, applies only to Skype for Windows and not other versions of the software. Users are advised to update to Skype 2.5, release 2.5.*.79 or Skype 2.0, release 2.0.*.105 or later as explained in an advisory here. ®

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Hackers call on Skype to spread Trojan (20 December 2006)
Skype patches Mac OS X flaw (4 October 2006)
Fugitive CEO tracked down to Sri Lanka after Skype call (25 August 2006)
'Skype clone' surfaces in China (17 July 2006)
Intel pitches VoIP card at office-PC users (7 June 2006)
VoIP firm backs 'virtual' yacht race (6 June 2006)
PGP creator offers VoIP crypto to Windows users (23 May 2006)
Security pros give VoIP the brush-off (27 April 2006)
Skype uses peer pressure defense to explain China text censorship (20 April 2006)
Botnet control fears over IP telephony (26 January 2006)
Skype explains why security evaluation omitted bug reports (7 November 2005)
Scramble to fix Skype security bug (25 October 2005)

Post to Slashdot

Add to del.icio.us

Previous Article

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

Whitepapers	Jobs
Managing the Performance and Availability of .NET Applications Software Smart Cards via Cryptographic Camouflage Making mobility manageable Reducing your Carbon Footprint	Senior Perl Programmer, Telecom ASP Blog Developer for media and software companies Perl/Linux/Web Software Developer 2 perl scripts for online retail business small job Perl Developer

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search