Security Watch: "Payment Details" You'll Pay Dearly For
A vulnerability in the Skype for Windows client could allow information on a system to be disclosed.
According to the company, when the program is installed it registers several URI handlers so that the client may be easily accessed through Web pages. A flaw in one of them allows an attacker to pass extra command line switches to the client. This could cause the client program to transmit a file from the client system to an arbitrary third party.
The attacker would have to know the exact location of the file, but many file locations rarely change from their defaults. One could make a good guess at the default location for a QuickBooks file, for example.
Install the vendor-supplied upgrade to the new version to fix the problem:
- Skype 2.5, release 2.5.*.79 or later
- Skype 2.0, release 2.0.*.105 or later
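The class of flaw described above, link content reaching a client as extra command line switches, shown beside a hardened form. This is an added example, not Skype's code and not from the original article; the `callto-demo:` scheme, the client path, the `/call:` switch and the allowlist are hypothetical, and the whitespace split is a simplification of command-line parsing.

```python
import re
from urllib.parse import urlsplit, unquote

# Hypothetical registration: the clicked URI's target replaces %1.
CLIENT = r"C:\Demo\client.exe"
HANDLER_TEMPLATE = CLIENT + " /call:%1"
ALLOWED_SCHEME = "callto-demo"
# Assumed policy: a call target is a short user name and nothing else.
TARGET_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")


def naive_argv(uri):
    """Weak form: decode, paste into the template, split on whitespace.
    Any whitespace in the decoded target starts a new argument."""
    target = unquote(uri.split(":", 1)[1])
    return HANDLER_TEMPLATE.replace("%1", target).split()


def safe_argv(uri):
    """Hardened form: validate the URI's shape and target, then build argv
    as a list so the target is always exactly one argument."""
    parts = urlsplit(uri)
    if parts.scheme != ALLOWED_SCHEME or parts.netloc or parts.query or parts.fragment:
        raise ValueError("unexpected URI shape")
    target = unquote(parts.path)  # decoded once; a leftover '%' fails below
    if not TARGET_RE.fullmatch(target):
        raise ValueError("call target outside the allowlist")
    return [CLIENT, "/call:" + target]


if __name__ == "__main__":
    # Constructed sample links; the switch name is a placeholder.
    for link in ("callto-demo:alice", "callto-demo:alice%20/constructed-switch"):
        print(link)
        print("  naive:", naive_argv(link))
        try:
            print("  safe: ", safe_argv(link))
        except ValueError as err:
            print("  safe:  rejected,", err)
```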