• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Skype Technologies Skype URI Handling Remote File Download Vulnerability

Skype is prone to an arbitrary file-download vulnerability. This issue is due to improper Skype URI handling.

This issue allows remote attackers to transfer files from one Skype user to another, provided the recipient user has previously approved downloads.

By exploiting this issue, attackers may retrieve an arbitrary file from the victim user's computer.

The following versions of Skype for Windows are vulnerable to this issue:

- prior to 2.0.*.104
- 2.5.*.0 through 2.5.*.78.