Celio RedFly in Action
November 7, 2009 – 9:36 pm | Comments

A few days ago I commented about the Celio Redfly adding support for BlackBerrys. I came across that bit of information first while researching to purchase a Celio RedFly myself and then while I’ve been …

Read the full story »
Mobility Site Minute

Check out our podcast, the Mobilitysite Minute. Quick news, views, and interviews.

Mobilitysite Contests

The lastest Mobilitysite.com Contests. What can you win today?

Mobility Site Videos

Video reviews, 1st looks, and demos of the hottest mobile devices.

Mobilitysite Polls

Our polls help get our reader’s take on what’s happening in Mobility.

Mobilitysite Reviews

Mobilitysite reviews take you deep into the hottest mobile devices, software and accessories.

Home » Software

Skype Releases Cross Zone Vulnerability Fix

Posted by gasusan2005 on February 6, 2008 – 2:32 am
closeThis post was published 1 year 9 months 2 days ago which may make its actuality or expire date not be valid anymore. This site is not responsible for any misunderstanding.

image Problem: A security bug in Skype for Windows client has been identified and fixed.

Skype uses Internet Explorer web control to render HTML content. This is used also for providing “add video to mood” and “add video to chat” functionality. The bug has been discovered in Windows Skype code which allows scripts to be run in unlocked Local Zone security context of IE and execute shell.

In order to exploit this an attacker must exploit code injection vulnerability at content provider site. Such vulnerabilities were discovered in Dailymotion website, in Metacafe Pro video submission software as well as in Skype’s own SkypeFind. All of them have been fixed at the time of issuing this bulletin.

Affected software: The following Skype clients are vulnerable to this attack:

Skype for Windows:

  • All releases including 3.5.*
  • 3.6 releases prior and including 3.6.*.244

Solution: An official fix to the issue covered by this Security Bulletin has been released.

The core vulnerability has been fixed by setting IE control security context to Internet Zone. To implement this fix, update to one of the following releases of Skype.

Skype for Windows: 3.6.*.248 or later

The preferred method for installing security updates is to download the software directly from Skype’s website, from the website of Skype’s authorized partners, or from a reliable mirror site.

Source:Skype Security Bulletin

Post to Twitter Post to Yahoo Buzz Post to Digg Post to Facebook

gasusan2005 (1432 Posts) - Website | Twitter | Facebook





You can also participate in other conversation in our active forums with 200,000 other Members. It only takes 2 minutes to sign up one time for free in the forums.
blog comments powered by Disqus