17 Nov 2004, Iain Thomson, V3
A critical flaw in Skype's internet telephony software has forced the company to issue an urgent update.
Danish security group Secunia issued an advisory at the start of the week warning that a flaw in versions 1.0.0.95 through 1.0.0.98 of Skype's software is "highly critical".
According to the warning, the flaw means that Skype users visiting a maliciously engineered website could suffer a buffer overflow attack, potentially giving remote hackers full rights over compromised PCs.
"The vulnerability is caused due to a boundary error within the handling of command line arguments," said Secunia on its website.
"This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious website which passes an overly long string (more than 4,096 bytes) to the 'call to:' URL handler."
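The class of boundary error the advisory describes, shown as an added illustration that is not Skype's code: an unbounded copy of a handler argument into a fixed stack buffer, next to a checked version that rejects overlong input. The function names, the `callto:` spelling of the scheme and the sample values are assumptions made for this example; only the 4,096-byte figure comes from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define ARG_LIMIT 4096        /* size figure quoted in the advisory */
#define SCHEME    "callto:"   /* assumed spelling of the handler scheme */

/* Unsafe pattern: unbounded copy of a command-line argument into a
   fixed stack buffer. Shown for contrast; never called below. */
void parse_target_unsafe(const char *arg, char *out) {
    char buf[ARG_LIMIT];
    strcpy(buf, arg);                       /* no check against sizeof buf */
    strcpy(out, buf + strlen(SCHEME));
}

/* Checked form: returns 0 and writes the call target to out, or -1. */
int parse_target_checked(const char *arg, char *out, size_t outsz) {
    size_t plen = strlen(SCHEME), n;
    const char *end;
    if (!arg || !out || outsz == 0) return -1;
    end = memchr(arg, '\0', ARG_LIMIT);     /* scan at most ARG_LIMIT bytes */
    if (!end) return -1;                    /* overlong: reject, never truncate */
    n = (size_t)(end - arg);
    if (n <= plen || strncmp(arg, SCHEME, plen) != 0) return -1;
    if (n - plen >= outsz) return -1;       /* target must fit with its NUL */
    memcpy(out, arg + plen, n - plen + 1);
    return 0;
}

/* Builds a constructed argument of total length n and runs the checked parser. */
int check_len(size_t n) {
    static char arg[8192], out[ARG_LIMIT];
    size_t plen = strlen(SCHEME);
    if (n < plen || n >= sizeof arg) return -2;
    memset(arg, 'A', n);
    memcpy(arg, SCHEME, plen);
    arg[n] = '\0';
    return parse_target_checked(arg, out, sizeof out);
}

int main(void) {
    char out[64];
    if (parse_target_checked("callto:echo123", out, sizeof out) == 0)
        printf("target: %s\n", out);        /* constructed sample target */
    printf("4095 bytes -> %d\n", check_len(4095));
    printf("5000 bytes -> %d\n", check_len(5000));
    return 0;
}
```

Rejecting the argument outright, rather than truncating it, keeps a cut-off string from being acted on as if it were a valid call target.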
Skype claims that over 30 million people use its software, which routes voice calls over the internet.
The peer-to-peer technology allows free calls to other internet phones, but can also connect to land lines on a per-minute charging basis.