Skype Security Problems Multiply

By Ryan Naraine  |  Posted 2008-01-24 Print this article Print

Skype Security Problems Multiply The Skype security problem I wrote about here and here is much more serious than originally reported, according to the hacker who found and reported the vulnerability.

Aviv Raff showed me proof-of-concept code that fired a code execution exploit whenever I visited a booby-trapped Web page. The exploit worked even if Skype was not running--visiting the Web page automatically opened Skype, attempted to load a video, and then launched the executable code.

After Raff's second discovery--which is a combination of a cross-site scripting bug in Metacafe and a cross-zone scripting vulnerability in Skype--the eBay-owned company completely removed the Add a Video feature until a patch is ready. |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel