Skype Corrects URL Handling Flaw
The popular peer-to-peer chat software contains a bug that puts users at risk of security bypass and system information disclosure attacks.A security flaw in the popular Skype peer-to-peer chat client could allow security bypass and system information disclosure attacks, according to an advisory from the company. The vulnerability, which carries a "moderately critical" rating, is caused by an error in the way the application parses the parameters passed by the URL handler. "This can be exploited to initiate the transfer of a file from one Skype user to another via a specially crafted Skype URL without requiring the sender to explicitly consent to the action," said a warning from flaw alerts aggregator Secunia, based in Copenhagen, Denmark.
Click here to read about previous security problems that affected Skypes voice chat application.