Security bug in Skype for Windows
A security bug in the Skype VoIP client software for Windows has been identified and fixed.
Skype is a program for making free calls over the internet to anyone else who also has Skype VoIP installed. It's free and easy to download and use, and works with most computers.
Before the fix, Skype for Windows could be made to execute arbitrary code through a buffer overflow when it was called upon to handle malformed URLs in the Skype-specific URI types callto:// and skype://.
In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.
Skype has replaced instances of the offending routine with one that performs proper bounds-checking.
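The bounds-checking fix described above, sketched as an added example in C (not Skype's code and not from the original article): a handler that copies the target of a callto:// or skype:// URI into a fixed-size buffer only after checking its length. The function name, the 64-byte buffer, the '?' option separator and the allowed character set are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler (not Skype's code): extracts the call target from a
 * callto:// or skype:// URI into a caller-supplied fixed-size buffer.
 * Returns 0 on success, -1 if the URI is rejected. */
int parse_call_uri(const char *uri, char *target, size_t target_size)
{
    static const char *const schemes[] = { "callto://", "skype://" };
    /* Assumed conservative character set for a target name. */
    static const char allowed[] = "abcdefghijklmnopqrstuvwxyz"
                                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-+,";
    const char *rest = NULL;
    size_t i, len;
    if (uri == NULL || target == NULL || target_size == 0)
        return -1;
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t n = strlen(schemes[i]);
        if (strncmp(uri, schemes[i], n) == 0) {
            rest = uri + n;
            break;
        }
    }
    if (rest == NULL)
        return -1;                  /* not one of the two URI types */

    /* Assumption: the target ends at '?' (options) or at end of string. */
    len = strcspn(rest, "?");
    /* The bounds check. An unchecked strcpy(target, rest) at this point is
     * the kind of copy that overflows the buffer on an overlong URI. */
    if (len == 0 || len >= target_size)
        return -1;
    if (strspn(rest, allowed) != len)
        return -1;                  /* unexpected character in the target */

    memcpy(target, rest, len);
    target[len] = '\0';
    return 0;
}

int main(void)
{
    char target[64];                /* buffer size chosen for illustration */
    const char *sample = "skype://echo123?call";   /* constructed input */
    if (parse_call_uri(sample, target, sizeof target) == 0)
        printf("target: %s\n", target);
    return 0;
}
```

The length test uses >= rather than > so that room for the terminating NUL byte is always reserved.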
The affected software is the Skype for Windows client, releases 1.1.*.0 through 1.4.*.83, which were vulnerable to this attack.
Security and fix documents are located on Skype’s website.