Skype Zero Day HTML(Javascript) Code Injection



Noptri Public Security Advisory has publised a working skype zero day vulnerability with POC for skype. Skype users need be aware of this vulnerability.
Affected Software:
Software: Skype <= 5.5.0.113
Affected Platforms:
Windows (XP, Vista, 7)
Problem Description:
Skype suffers from a persistent code injection vulnerability due to a lack
of input validation and output sanitization of following profile entries:
    [+] home
    [+] office
    [+] mobile
Proof of Concept:
The following HTML codes can be used to trigger the described vulnerability:
--- SNIP ---
    [+] Home Phone Number:
    INJECTION HERE
    [+] Office Phone Number:
   
INJECTION HERE

    [+] Mobile Phone Number:
    INJECTION HERE
Impact:
An attacker could for example inject HTML/Javascript code. It has not been verified though, if it's possible to hijack cookies or to attack the underlying operating system. Attacker could give a try using extern .js files...

Source Thn With NopTrix.

0 comments:

Post a Comment

Connect with Us!

Banner 300x250

Most Popular

Internet

Home Style

Fashion

Money

Azon Profit Master

Beauty

Sekolah Internet Indonesia

Computer

Life Style