Skype Facing Great Risk Due to Security Vulnerabilities
As per a warning released by VeriSign's iDefense security research team on June 6, 2008, users of Skype may be at risk due to a moderately critical flaw of code execution. The vulnerability could allow hackers to employ an arbitrary code.
The remote exploitation of Skype's security policy bypass could allow attackers to implant arbitrary code with regard to the users. The "file:" URL controller in Skype checks all URL to confirm whether or not the link contains file extensions associated with formats of executable file.
In case a file contains link that comes under blacklisted file extensions, the user sees a dialog with security warning. The file extensions which are declared harmful and checked by Skype include .ade, .js, .adp, .isp, .asd, .ins, .bas, .inf, .bat...
» SPAMfighter News - 19-06-2008