
Skype zero day HTML/(Javascript) code injection
Noptri Public Security Advisory has published a working Skype zero-day vulnerability with a PoC. Skype users need to be aware of this vulnerability.
Affected Software:
Software: Skype <= 5.5.0.113
Affected Platforms:
Windows (XP, Vista, 7)
Problem Description:
Skype suffers from a persistent code injection vulnerability due to a lack
of input validation and output sanitization of the following profile entries:
    [+] home
    [+] office
    [+] mobile
Proof of Concept:
The following HTML codes can be used to trigger the described vulnerability:
--- SNIP ---
    [+] Home Phone Number:
    <b>INJECTION HERE</b>
    [+] Office Phone Number:
    <center><i>INJECTION HERE</i></center>
    [+] Mobile Phone Number:
    <a href="#">INJECTION HERE</a>
Impact:
An attacker could, for example, inject HTML/JavaScript code. It has not been verified, though, whether it is possible to hijack cookies or to attack the underlying operating system. An attacker could try using external .js files...
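
The advisory attributes the issue to missing input validation and missing output sanitization on the home, office and mobile fields. The sketch below is an added example, not code from Skype or from the advisory, showing both controls applied to those three fields; the function names, the phone-number policy and the sample profile are assumptions made for illustration.

```javascript
// Added example: two independent controls for the profile fields named in the advisory.
// All names and the validation policy here are hypothetical.
const PHONE_FIELDS = ["home", "office", "mobile"];

// Allowlist: optional leading "+", then only digits and common separators.
const PHONE_SHAPE = /^\+?[0-9 ().\-]{3,30}$/;

// Input validation: accept only values shaped like a phone number.
function validatePhone(value) {
  if (typeof value !== "string") return false;
  const trimmed = value.trim();
  if (!PHONE_SHAPE.test(trimmed)) return false;
  const digits = trimmed.replace(/\D/g, "").length;
  return digits >= 3 && digits <= 20;
}

// Output encoding: neutralise markup even if a bad value was stored earlier.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Split a submitted profile into accepted values and rejected field names.
function sanitizeProfile(profile) {
  const accepted = {};
  const rejected = [];
  for (const field of PHONE_FIELDS) {
    const value = profile[field];
    if (value === undefined || value === "") continue;
    if (validatePhone(value)) accepted[field] = value.trim();
    else rejected.push(field);
  }
  return { accepted, rejected };
}

// Render a contact-card line; label and value are always escaped.
function renderField(label, value) {
  return `<span class="phone">${escapeHtml(label)}: ${escapeHtml(value)}</span>`;
}

// Constructed sample: two values reuse the advisory's markup, one is a normal number.
const sample = {
  home: "<b>INJECTION HERE</b>",
  office: "+1 (555) 010-0199",
  mobile: '<a href="#">INJECTION HERE</a>',
};
console.log(sanitizeProfile(sample));
console.log(renderField("Home", sample.home));
```

Escaping at render time matters even with validation in place, because values stored before the check existed, or received from another client, never passed through it.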
