A remote overflow exists in Skype. The application fails to validate the user-controlled length of a UDP packet resulting in a heap overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Classification
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Rumored / Private
Disclosure:
OSVDB Verified
Technical
The appropriate upgrade per platform is listed below.
Skype for Windows: Release 1.4.*.84 or later
Skype for Mac OS X: Release 1.3.*.17 or later
Skype for Linux: Release 1.1.*.20 or later
Skype for Pocket PC: No patch is yet available.
Solution
Upgrade to the appropriate fixed version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.