Users running older versions of Skype risk attack from a newly disclosed vulnerability.
A boundary error involving the Skype4COM URI handler creates a buffer overflow risk. This, in turn, provides a means for hackers to attack users running vulnerable versions of Skype who visit maliciously-constructed websites.
The vulnerability is confirmed in Skype 188.8.131.52. Other versions of the popular VoIP package prior to 184.108.40.206 may also be affected.
Details of the flaw were reportedly submitted to Skype in early November. Skype released an update in mid-November that touted higher video quality. It also fixed the security bug, a point Skype itself neglected to mention. Information on the vulnerability only emerged following an advisory from security tools vendor Tipping Point late last week. ®