Skype Corrects URL Handling Flaw

A security flaw in the popular Skype peer-to-peer chat client could allow security bypass and system information disclosure attacks, according to an advisory from the company.

The vulnerability, which carries a "moderately critical" rating, is caused by an error in the way the application parses the parameters passed by the URL handler.

"This can be exploited to initiate the transfer of a file from one Skype user to another via a specially crafted Skype URL without requiring the sender to explicitly consent to the action," said a warning from flaw alerts aggregator Secunia, based in Copenhagen, Denmark. Skype Corrects URL Handling Flaw

Linked by shanmuga Saturday, 20th May 2006 12:33AM