| Title: | Buffer overflow in Skype-specific URI and VCARD import handling |
| Announcement date: | 25 October 2005 |
| Advisory Reference: | ptl-2005-01 |
| CVE Name: | CVE-2005-3265 |
| CVSS Base Score: | 10.0 (AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N) |
| Products: | Skype VoIP Client for Windows |
| Vulnerability Type: | Buffer Overflow |
| Vendor-URL: | http://skype.com/security/skype-sb-2005-02.html |
| Vendor-Status: | Patch Released |
| Remotely Exploitable: | Yes |
| Locally Exploitable: | N/A |
| Advisory URL: | http://skype.com/security/skype-sb-2005-02.html |
Skype can be made to execute arbitrary code through a buffer overflow when it handles malformed URLs of the Skype-specific URI types callto:// and skype://.
In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.
The following Skype clients are vulnerable to these attacks:
Skype for Windows: Releases 1.1.*.0 through 1.4.*.83
| 18-10-2005 - | Initial Pentest Limited Notification |
| 18-10-2005 - | Vulnerabilities reproduced and acknowledged by Skype |
| 25-10-2005 - | Skype Security Advisory Released |
An official fix to the issues covered by this security advisory has been released. To implement this fix, update to one of the following releases of Skype.
Skype for Windows: Release 1.4.*.84 or later
As a workaround prior to updating the Skype software, these bugs may be avoided by not selecting Skype-specific URIs and not importing VCARD records.
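An added example, not part of the original advisory or of Skype's own tooling: a triage check that classifies installed Skype for Windows version strings against the ranges stated above (1.1.*.0 through 1.4.*.83 affected, 1.4.*.84 or later fixed). It assumes the third version field is a wildcard that does not affect ordering; the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Version bounds exactly as stated in the advisory. The third field is "*"
# there; this example ASSUMES it is a wildcard and ignores it when ordering.
FIRST_AFFECTED = (1, 1, 0)    # 1.1.*.0
LAST_AFFECTED = (1, 4, 83)    # 1.4.*.83
FIRST_FIXED = (1, 4, 84)      # 1.4.*.84 or later

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def version_key(text):
    """Return (major, minor, build) from a 'major.minor.x.build' string."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"not a four-part version: {text!r}")
    major, minor, _wildcard, build = (int(part) for part in match.groups())
    return (major, minor, build)


def classify(text):
    """Map a version string to a triage status for this advisory."""
    try:
        key = version_key(text)
    except ValueError:
        return "unparseable"      # flag for manual review, never pass silently
    if FIRST_AFFECTED <= key <= LAST_AFFECTED:
        return "affected"
    if key >= FIRST_FIXED:
        return "fixed"
    return "not-listed"           # older than the range the advisory names


def hosts_to_update(inventory):
    """Return hosts whose version is affected or could not be parsed."""
    return sorted(host for host, version in inventory.items()
                  if classify(version) in ("affected", "unparseable"))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-01": "1.4.0.83",
    "ws-02": "1.4.0.84",
    "ws-03": "1.2.0.48",
    "ws-04": "1.0.0.106",
    "ws-05": "1.4.0",
}

if __name__ == "__main__":
    for host, version in sorted(SAMPLE_INVENTORY.items()):
        print(host, version, classify(version))
```

Versions older than 1.1.*.0 are reported as "not-listed" rather than safe, because the advisory makes no statement about them.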
These vulnerabilities were discovered by Mark Rowe and Joe Moore from Pentest Limited.