TippingPoint Zero Day Initiative

Skype URI Handler Remote Heap Corruption Vulnerability

ZDI-07-070: December 6th, 2007

CVE ID

CVE-2007-5989

Affected Vendors

Skype

Affected Products

Skype

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists within the 'skype4com' URI handler created by Skype during installation. When processing short string values through this handler an exploitable memory corruption may occur which can result in arbitrary code execution under the context of the current user.

Vendor Response

Skype states:

Skype has corrected this issue as of 11/15/2007. All clients updated or installed as of that date are patched to this issue.

Disclosure Timeline

2007-11-02 - Vulnerability reported to vendor
2007-12-06 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

Anonymous

Published Advisories

ZDI-08-032: Adobe

• published 2008-05-22

ZDI-08-031: Cerulean Studios

• published 2008-05-21

ZDI-08-030: Cerulean Studios

• published 2008-05-21

ZDI-08-029: Cerulean Studios

• published 2008-05-21

ZDI-08-028: IBM

• published 2008-05-21

Upcoming Advisories

Microsoft

• reported 2008-05-19, 3 days ago

Novell

• reported 2008-05-19, 3 days ago

Novell

• reported 2008-05-19, 3 days ago

Microsoft

• reported 2008-05-19, 3 days ago

Microsoft

• reported 2008-05-19, 3 days ago

Recent Press

Apple Patches MacBook Air Hijack Flaw

• published 2008-04-16, eWeek

Three different hackers found 'Pwn To Own' bug

• published 2008-04-10, Computerworld

Are Security Researchers Targeting QuickTime?

• published 2008-04-04, InternetNews

Vista notebook falls in hacker challenge

• published 2008-03-30, ComputerWorld

Flash flaw leads to Vista laptop's fall

• published 2008-03-29, CNet