Skype update plugs critical bug | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Enabling the Data Center Metamorphosis
From Fixed To Fluid
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
The Botnet Threat
Targeting Your Busines

The Register » Security »

Skype update plugs critical bug

On the QT

By John Leyden → More by this author

Published Monday 10th December 2007 11:57 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

Users running older versions of Skype risk attack from a newly disclosed vulnerability.

A boundary error involving the Skype4COM URI handler creates a buffer overflow risk. This, in turn, provides a means for hackers to attack users running vulnerable versions of Skype who visit maliciously-constructed websites.

The vulnerability is confirmed in Skype 3.5.0.239. Other versions of the popular VoIP package prior to 3.6.0.216 may also be affected.

Details of the flaw were reportedly submitted to Skype in early November. Skype released an update in mid-November that touted higher video quality. It also fixed the security bug, a point Skype itself neglected to mention. Information on the vulnerability only emerged following an advisory from security tools vendor Tipping Point late last week. ®

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

1 comment posted — Comment period finished

Not before time

Posted: 13:03 11th December 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

SkypeFinds another security snafu (1 February 2008)
Skype Trojan wiretap plan leaks onto the net (29 January 2008)
Skype blocks poison movie peril (18 January 2008)
Skype confirms / denies job cuts (11 December 2007)
Skype crypto stumps German cops (23 November 2007)
VoIP is Dead. It's just another feature, now (29 October 2007)
3 UK brings VoIP to cheapskates (26 October 2007)
Skype mobile phone on its way? (22 October 2007)
IP telephony: does it float your boat? (19 October 2007)
Skype rings up a loss for eBay (18 October 2007)
Skype Trojan steals login credentials (17 October 2007)
Skype in MySpace hook-up (17 October 2007)

Post to Slashdot

Add to del.icio.us

Previous Article

whitepaper title

Enabling the Data Center Metamorphosis

This independent analyst paper gives real world advice on transforming your datacenter into a streamlined, dynamic, liquid engine capable of handling growth..

whitepaper title

Eliminating the Security Risk of Sending Confidential Information by Email

80% of security breaches are caused by people inside a company. Learn how to eliminate the risks of emailing confidential information.

Whitepapers	Jobs
Managing and Integrating Data in an SAP Environment Power and Cooling for VoIP and IP Telephony Applications [WP69] SSL in High-Security Browsers Mobile Security	Experienced Lead Perl developer for SF startup PERL Programmer for Print/Mail outsource provider Perl programmer: Challenging projects, brilliant coworkers Operations Support - Telecom ASP Sr Perl Programmer, Linux Admin

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search