Security Advisory
  • Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability Reported Date: 10-04-10
Rated Level: Low
Impact: Manipulation,Remotely Exploitable
Affected Software: Skype 4.x
Description: A vulnerability has been discovered in Skype, which can be exploited by malicious people to delete certain data on a user's system.

The vulnerability is caused due to an error within the Skype Extras Manager (skypePM.exe) in the handling of "skype-plugin:" URIs. This can be exploited to delete an arbitrary ".xml" file e.g. if a user visits a specially crafted web page.

The vulnerability is confirmed in skypePM.exe version 2.0.0.67 included in Skype for Windows version 4.2.0.155. Other versions may also be affected.


Note: ZDI credits rgod
http://www.zerodayinitiative.com/
Solution: Disable the "skype-plugin:" protocol handler.
Original Advisory: http://www.zerodayinitiative.com/advisories/ZDI-10-028/
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org

Security Advisories by Month (2010)
Aug (4) Jul (3) Apr (5) Mar (3) Jan (8)
TS Promotion
Software Security Tools
Latest Exploit Codes
TS Information
About Trivia Security
Frequently Asked Questions
TS Announcements
Terms of service
Site Map
Search
Security
Phishing Scams
Advisories
Exploits
News & Headlines
xss playground
Web Proxy
Proxy List
War Games
TS Encryption
InfoSec Library
Latest Library Articles
Video Library
Top Articles
Browse Library
Soft-Tools
Latest Tools
Top Downloads
Browse Tools Archive
Forums
Login
Register
Search
Latest Topics
Links
Affiliates
TS Top Sites
Recomended Sites