Back to list
Skype URI callto username overflow
Jun 10 2004 12:46AM
Hillel Himovich (hll netvision net il)
Here is a cute little URI I found crashing skype on it's latest version (0.98.0.04).
It's proboby a buffer overflow of some sort, so, a special crafted URI culd potentionally lead to remote code execution.
(would probobly be extreamly hard doing it threw a URI, but still an option)
If you really really want this not to happend to you, u shuld remove the reffering registry entrance to "callto://" in URI's
HLL (at) netvision.net (dot) il [email concealed]
[ reply ]
Copyright 2010, SecurityFocus