Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Skype URI Handler Command Switch Parsing

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Skype URI Handler Command Switch Parsing
Date: 24 May 2006 13:52:50 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Skype URI Handler Command Switch Parsing
------------------------------------------------------------------------


SUMMARY

During the typical installation of the Windows  <http://www.skype.com> 
Skype client, several URI handlers are installed. This allows for easy 
access to the Skype client through various URI types.

Due to a flaw in the handling of one of the URI types, it is possible to 
include additional command line switches to be passed to the Skype client. 
One of these switches will initiate a file transfer, sending the specified 
file to an arbitrary Skype user.

DETAILS

Vulnerable Systems:
 * Skype for Windows all releases prior to and including 2.0.*.104
 * Skype for Windows release 2.5.*.0 to and including 2.5.*.78

Exploitation occurs when the victim opens the exploit URI in Internet 
Explorer. This requires the victim to visit a website under the attackers 
control, or to be convinced into opening a malicious HTML page. Clicking 
on a link is not required, as this action can be automated in various ways 
using scripting language.

For the attack to be successful the attacker must know the location of the 
requested file on the victims machine. One common target file would be the 
victims Skype configuration file.

For the file transfer to succeed the attacker must have authorised the 
victim, which can be done by adding the victim to the attackers contact 
list. This does not require any authorisation from the victim Skype user.

Other Skype command line switches could also be exploited to manipulate or 
obtain the Skype users credentials, under similar situations.

Solutions:
Install the vendor supplied upgrade
 <http://www.skype.com/security/skype-sb-2006-001.html> 
http://www.skype.com/security/skype-sb-2006-001.html


ADDITIONAL INFORMATION

The information has been provided by  
<mailto:brett.moore@security-assessment.com> Brett Moore.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Skype URI Handler Command Switch Parsing, SecuriTeam <=
Previous by Date:  [UNIX] Novell eDirectory NDS Server Buffer Overflow, SecuriTeam
Next by Date:  [EXPL] netPanzer Server DoS (Exploit), SecuriTeam
Previous by Thread:  [UNIX] Novell eDirectory NDS Server Buffer Overflow, SecuriTeam
Next by Thread:  [EXPL] netPanzer Server DoS (Exploit), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]