|
|
|
 |
|
Vulnerability in Skype
|
ALARM Group ALERT - click for a description of ALARM, The Computing Alert System
Alert Number: 052606-01
Alert Date: 05/26/06
Alert Title: Vulnerability in Skype
Update-to: none
OS/Platform/Application:
Skype for Windows < version 2.0.*.104
Skype for Windows 2.5.*.0 - 2.5.*.78
Category: ALERT
Severity: LOW
Attention: Skype Users, Technology Coordinators |
Summary: A vulnerability has recently been discovered in Skype (the popular Peer to Peer/Voice Communications application). This vulnerability (deemed "medium criticality" by the vendor) could allow an attacker to download files from a vulnerable system (information disclosure) without the consent of the logged-in user. A potential vector of exploit would be via a specifically-crafted Skype URL. Skype has released updated versions of its software to address this vulnerability.
Recommended Actions: Skype users are encouraged to read the Skype security bulletin/associated articles (links provided below) and consider installing the new, secure version of Skype as soon as possible. Because Skype is a popular application on personal/home PCs, readers are also encouraged to share this alert with associates, friends, and family members that may use Skype in an effort to spread the news of this vulnerability.
ITS Actions: No specific additional actions are being taken by ITS at this time.
Resources:
Skype Security Advisory 2006/01:
http://www.skype.com/security/skype-sb-2006-001.html
Network World article on Skype vulnerability:
http://www.networkworld.com/nlsecuritynewsal34250
FrSirt Advisory:
http://www.frsirt.com/english/advisories/2006/1871
Secunia Advisory:
http://secunia.com/advisories/20154/
|
|
|
|
|
|
