Impact: Manipulation,Remotely Exploitable
Affected Software: Skype 4.x
Description: A vulnerability has been discovered in Skype, which can be exploited by malicious people to delete certain data on a user's system.
The vulnerability is caused due to an error within the Skype Extras Manager (skypePM.exe) in the handling of "skype-plugin:" URIs. This can be exploited to delete an arbitrary ".xml" file e.g. if a user visits a specially crafted web page.
The vulnerability is confirmed in skypePM.exe version 220.127.116.11 included in Skype for Windows version 18.104.22.168. Other versions may also be affected.
Disable the "skype-plugin:" protocol handler.
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org