Skype Vulnerability Makes End-Users Susceptible to Malware Execution
According to a security researcher from Germany, the newest edition of Skype for Windows contains a security flaw that, if exploited, lets cyber-criminals insert potentially harmful software into end-users' phone sessions. The Register reported this on August 22, 2011.
Levent Kayan, who discovered the flaw, says the cross-site scripting (XSS) flaw in Skype 18.104.22.168 occurs because the voice-over-Internet-Protocol program doesn't properly check the phone numbers that users supply for malicious content. Consequently, cyber-criminals may succeed in abusing the flaw to insert scripts or commands that compromise an affected system on which the program is enabled, he explains.
Nonetheless, Microsoft has dismissed the German researcher's claim that Skype is susceptible to XSS attacks. According to the company, the attack code published on the Internet is harmless.
Meanwhile, Skype stated that the attack could not be carried out because the affected input fields could not be accessed online in Windows. A Skype representative also said the researcher's claim wasn't really right, since the entries in the mobile, office and home phone fields were embedded through HTML. The Register reported this.
Indeed, in July 2011, when version 22.214.171.124 of Skype was affected, Kayan reported that exploiting the Skype bug let end-users be compromised through a code-insertion sequence in the mobile-phone input field. As a result, it was possible to execute script and to access the victim's account information and session ID.
Finally, security specialists stated that such flaws could allow self-replicating attacks if the attacks could be aimed at the people listed in the victim's address book, although it wasn't clear whether the latest flaw would likewise permit self-replicating attacks.
» SPAMfighter News - 31-08-2011