Info

Disclosure

Oct 25, 2005

Discovery

Oct 18, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Skype. The application fails to validate the user-controlled length of a UDP packet resulting in a heap overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Upgrade to the appropriate fixed version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Skype Technologies S.A.	Skype for Windows	1.4.*.83
	Skype for Mac OS X	1.3.*.16
	Skype for Linux	1.2.*.17
	Skype for Pocket PC	1.1.*.6

References

Bugtraq ID: 15192
Secunia Advisory ID: 17305
SCIP VulDB ID: 1837
CVE ID: 2005-3267 (see also: NVD)
ISS X-Force ID: 22850
CERT VU: 905177
VUPEN Advisory: ADV-2005-2197
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0284.html
Packet Storm: http://packetstormsecurity.org/0510-advisories/skypeRealData.txt
Vendor Specific Advisory URL: http://www.skype.com/security/skype-sb-2005-03.html
Generic Informational URL: http://www.theregister.co.uk/2005/10/25/skype_vuln/

Credit

EADS Corporate Research Center - EADS Corporate Research Center

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Skype Technologies S.A.

Skype for Windows

Skype for Mac OS X

Skype for Linux

Skype for Pocket PC

References

Credit