Skype Corrects URL Handling Flaw
A security flaw in the popular Skype peer-to-peer chat client could allow security bypass and system information disclosure attacks, according to an advisory from the company.
The vulnerability, which carries a "moderately critical" rating, is caused by an error in the way the application parses the parameters passed by the URL handler.
"This can be exploited to initiate the transfer of a file from one Skype user to another via a specially crafted Skype URL without requiring the sender to explicitly consent to the action," said a warning from flaw alerts aggregator Secunia, based in Copenhagen, Denmark. Skype Corrects URL Handling Flaw
Back to: PC Security, privacy news