-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----- Start of announcement -----

November 17, 2004
SKYPE SECURITY ADVISORY
SSA-2004-02: CALLTO HANDLING BUFFER OVERFLOW

Overview

    Certain versions of Skype for Windows contain a buffer
    overflow vulnerability that could possibly allow a remote
    attacker to execute arbitrary code with the privileges of the
    user running Skype.
    
    
Systems Affected

    Microsoft Windows systems running
      Skype for Windows versions 1.0.*.94 to 1.0.*.98


I. Description

    A buffer overflow vulnerability exists in the way Skype parses
    command-line arguments. If Skype is executed with a command
    line longer than approximately 4096 characters, Skype would
    report an Access Violation and terminate. However, an attacker
    could use this vulnerability to overwrite the program stack
    with data given in the command line, thus giving rise to the
    possibility of injected code execution.

    This vulnerability could be exploited in conjunction with the
    Skype-specific callto: URL. Once registered, Windows passes
    any callto: URL to Skype as a command-line argument. Therefore,
    if the user follows a specially-crafted long callto: URL, the
    victim instance of Skype could execute arbitrary code supplied
    by the attacker in the URL.


II. Impact

    By inducing a user to click on a specially crafted callto: URL
    on a web page or in an HTML e-mail message, an attacker could
    possibly execute arbitrary code with the privileges of the user.
    The attacker could also cause Skype to crash.


III. Solution

    Upgrade to Skype for Windows version 1.0.0.100 or higher.

    http://www.skype.com/download/


IV. Credit

    Skype thanks Fabian Becker for discovering and reporting this
    issue.


Contact

    The security of users is Skype's highest priority. You can
    contact Skype Product Security Incident Response Team (PSIRT)
    by e-mailing security@skype.net. Past advisories and the Skype
    PSIRT PGP key are available at http://www.skype.com/security/.

- ----- End of announcement ----- 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQZtij+QJFIMBnbtDEQJItwCg4hrPOa1YIwTbQuKVJK2UMjC5IOIAoO2d
mVXakZTUw/LlDSSGTNj28HZx
=7wP0
-----END PGP SIGNATURE-----