Skype Patch: Don't Go With The Overflow

Written by Russell Shaw, Contributor

Secunia reports a highly critical URI Handler Buffer Overflow vulnerability in versions 1.095 through 1.0 .98 of Skype For Windows software.

URI, for those who don't know, stands for Uniform Resource Identifier, a technology for identifying resources on the Internet or a network. For example, if you look at the source code of a Web page and see the term mailto, you are seeing a URI. When detected, that URI should bring up the email program associated with that type of URI. The email program, Web browser, FTP client, or other utility you use comes with a handler that executes the specific software routine the URI calls on it to perform.

And that's when things can get funky if you have an overflow vulnerability.

The vulnerability, the computing and communications security firm notes, "can be exploited by malicious people to compromise a user's system."

Secunia attributes the problem to a "boundary error within the handling of command line" arguments, which can be exploited by fooling a user into visiting a malicious Web site. Once on the site, the user (let us hope that is not you) passes along a string that could result in the "execution of arbitrary code."
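To make the "boundary error" concrete, here is an added example (not code from Skype, Secunia, or this article) of a URI handler that bounds-checks the argument it receives on its command line before copying it into a fixed buffer. The `demo:` scheme, the 64-byte buffer, and every name in the code are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCHEME "demo:"      /* hypothetical scheme, not Skype's */
#define TARGET_MAX 64       /* constructed buffer size */

enum { URI_OK = 0, URI_INVALID = -1, URI_TOO_LONG = -2, URI_BAD_CHAR = -3 };

/* The boundary-error pattern is a fixed buffer filled with no length check:
 *     char target[TARGET_MAX];
 *     strcpy(target, argv[1] + strlen(SCHEME));   overruns target on long input
 * The hardened version below validates the argument before it copies. */
int parse_uri_arg(const char *arg, char *target, size_t target_size)
{
    size_t scheme_len = strlen(SCHEME), len, i;

    if (!arg || !target || target_size == 0 ||
        strncmp(arg, SCHEME, scheme_len) != 0)
        return URI_INVALID;

    arg += scheme_len;
    len = strlen(arg);
    if (len >= target_size)             /* leave room for the terminator */
        return URI_TOO_LONG;

    for (i = 0; i < len; i++) {         /* accept printable ASCII only */
        unsigned char c = (unsigned char)arg[i];
        if (c < 0x21 || c > 0x7e)
            return URI_BAD_CHAR;
    }
    memcpy(target, arg, len + 1);       /* len + 1 copies the '\0' too */
    return URI_OK;
}

int main(int argc, char **argv)
{
    char target[TARGET_MAX];
    int rc = argc == 2 ? parse_uri_arg(argv[1], target, sizeof target)
                       : URI_INVALID;

    if (rc != URI_OK) {
        fprintf(stderr, "rejected URI argument (code %d)\n", rc);
        return 1;
    }
    printf("would contact: %s\n", target);
    return 0;
}
```

Because the browser hands the handler whatever string the Web page supplies, the length check has to live in the handler itself.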

Sounds nasty, but Skype's on the case. Their Download Skype for Windows page has the latest fix, which is an update to version 1.0.0.100.

Although I recommend you go to that page first, here is the direct link for you Type A's.
