BugTraq
Skype URI callto username overflow Jun 10 2004 12:46AM
Hillel Himovich (hll netvision net il)


Here is a cute little URI I found crashing skype on it's latest version (0.98.0.04).

It's proboby a buffer overflow of some sort, so, a special crafted URI culd potentionally lead to remote code execution.

(would probobly be extreamly hard doing it threw a URI, but still an option)

callto://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/

If you really really want this not to happend to you, u shuld remove the reffering registry entrance to "callto://" in URI's

Regards,

Hillel Himovich

"HLL"

HLL (at) netvision.net (dot) il [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus