Skype Flaws Open Users to Attack

Two vulnerabilities within Skype were made public on Tuesday and resolved in a new release of the VoIP software. The flaws centered on boundary errors in the way Skype handles URLs meant to trigger an action within the program, and when importing VCARD files. Both issues could be used for a code execution attack when the user loads specially crafted URLs and files.

Web security firm Secunia rated the flaws as "highly critical" and recommended that users of the program download the latest version. "As a work-around prior to updating the Skype software, this bug may be avoided by not selecting Skype-specific URLs and not importing VCARD records," Skype recommended in its advisory. The problem affects all previous versions of the software.