All the latest UK technology news, reviews and analysis
|
|
|
17 Nov 2004
A critical flaw in Skype's internet telephony software has forced the company to issue an urgent update.
Danish security group Secunia issued an advisory at the start of the week warning that a flaw in versions 1.0.0.95 through 1.0.0.98 of Skype's software is "highly critical".
According to the warning, the flaw means that Skype users visiting a maliciously engineered website could suffer a buffer overflow attack potentially giving remote hackers full rights over compromised PCs.
"The vulnerability is caused due to a boundary error within the handling of command line arguments," said Secunia on its website.
"This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious website which passes an overly long string (more than 4,096 bytes) to the 'call to:' URL handler."
Skype claims that over 30 million people use its software, which routes voice calls over the internet.
The peer-to-peer technology allows free calls to other internet phones, but can also connect to land lines on a per-minute charging basis.
Latest stories from Telecoms
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Salesforce.com Consultants, both Functional or Technical...
Enterprise Data Architect required by reputable Banking...
SSIS, SSAS, MDX, OLAP, OLTP, Data Warehousing, Data Modelling...
Specialist IT service provider is looking to recruit...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?