Skype Update Fixes Security Issue

A new release of the Windows version of the Skype VOIP program fixes a bug that could allow a remote attacker to compromise a Skype users computer.

The new version, 1.0.0.100, can be downloaded from the Skype Web site.

Resource Library:

An advisory from Secunia based on the bug report from Skype calls the bug "highly critical." It states that the bug is caused by an error in the handling of command-line arguments. The problem may be induced by a browser link utilizing the "callto:" URI handler, installed by Skype.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Such a link would only function for Skype users, and the problem only affects versions 1.0.*.95 through 1.0.*.98, but successful exploitation could allow an attacker to execute arbitrary code on a users system.

Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.