Sunday, February 10, 2008

Skype Cross Zone Scripting Vulnerability Fix Released

Skype has issued a fix for the recent Skype flaw, discovered by Aviv Raff. The stems from the fact that Skype uses Internet Explorer's Web control to render internal and external HTML pages.

SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability
Bulletin title: Skype Cross Zone Scripting Vulnerability
Bulletin ID: SKYPE-SB/2008-001
Bulletin status: FINAL
Date of announcement: 2008-02-05 14:00:00 +0000
Products affected: Skype for Windows
Vulnerability type: Code injection
CVE references:
Risk assessment: HIGH
CVSS base score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
tag: , ,

0 comments:

Blog Widget by LinkWithin