Skype vulnerabilities

Qualys reports this week on two Skype vulnerabilities, a multiple buffer overflow and a heap overflow. What is most significant is that Skype is now using CVSS, the Common Vulnerability Scoring System, to score its vulnerabilities and has awarded itself an 8.

05.43.9 CVE: CVE-2005-3267
Platform: Cross Platform
Title: Skype Networking Routine Heap Overflow
Description: Skype is a peer-to-peer communications application. It is vulnerable to a heap overflow issue due to the client receiving specifically crafted network traffic, which causes an overwrite of part of the heap, including the heap integrity control data. All Skype clients are vulnerable.

 

For the complete advisory, see SKYPE-SB/2005-003: Heap overflow in networking routine

 