Skype Fixes Security Hole In Their Software
Their is a newly released Windows version of Skype’s VOIP software, 1.0.0.100, and in it Skype addressed the “highly critical” bug that allows a remote attacker to take control of the Skype user’s computer. Be sure to update to the latest version, it can be found on the Skype website.
An advisory from Secunia based on the bug report from Skype calls the bug “highly critical.” It states that the bug is caused by an error in the handling of command-line arguments. The problem may be induced by a browser link utilizing the “callto:” URI handler, installed by Skype.
Such a link would only function for Skype users, and the problem only affects versions 1.0.*.95 through 1.0.*.98, but successful exploitation could allow an attacker to execute arbitrary code on a user’s system.