Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Skype Patches High-Risk Security Holes

    By
    Ryan Naraine
    -
    October 25, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Multiple security flaws in the popular Skype voice chat application could put millions of users at risk of computer takeover attacks, the company acknowledged Tuesday.

      Skype Technologies S.A., which is being acquired by eBay Inc., warned in two separate advisories that the vulnerabilities could lead of system access or denial-of-service attacks.

      The Skype program, which uses peer-to-peer technology to route phone calls over the Internet, is one of the most popular desktop applications sitting behind firewalls, making the threat vector even more serious.

      Internet security researchers have long warned that flaws in Internet-facing desktop applications that sit behind a firewall present a lucrative target for malicious hackers.

      The acknowledgement of security holes in Skype comes at a crucial time for the company, which counts about 60 million registered enterprise and consumer users.

      /zimages/4/28571.gif Skype targets businesses as growth accelerates. Click here to read more.

      Skype is adding 170,000 new subscribers every day, and the rapid growth means that the company has almost doubled its number of registered users in the last six months. About 30 percent are paying customers.

      Security alerts aggregator Secunia Inc. rates the risk from the flaws as “highly critical” and urged users to apply the appropriate patches immediately.

      The more serious of the two bugs is a boundary error that exists when Skype-specific URI types like “callto://” and “skype://” are handled by the application.

      This can be exploited to cause a buffer overflow and allows arbitrary code execution, according to an alert posted on the Skype Security Center.

      Affected software versions include Skype for Windows Releases 1.1.*.0 through 1.4.*.83.

      /zimages/4/28571.gifClick here to read about Skypes next phase.

      Skype for Windows users is also vulnerable to remote code execution attacks because of a separate boundary error in the handling of VCARD imports. The company acknowledged that a malicious hacker could create a special VCARD to launch an attack when the card is imported into the client.

      A third boundary error flaw was also identified in the way the program handles certain Skype client network traffic. This can be exploited to cause a heap-based buffer overflow.

      Successful exploitation crashes the Skype client.

      The denial-of-service vulnerability affects Skype for Windows Release 1.4.*.83 and prior, Skype for Mac OS X Release 1.3.*.16 and prior, Skype for Linux Release 1.2.*.17 and prior and Skype for Pocket PC Release 1.1.*.6 and prior.

      Skype has posted software fixes for most affected users. There is no patch available yet for Skype for Pocket PC users.

      There are no reports of public exploits for the vulnerabilities.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Ryan Naraine

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×