
Skype zero day HTML/(Javascript) code injection

Noptri Public Security Advisory has published a working Skype zero-day vulnerability with a PoC. Skype users need to be aware of this vulnerability.
Affected Software:
Software: Skype <= 5.5.0.113
Affected Platforms:
Windows (XP, Vista, 7)
Problem Description:
Skype suffers from a persistent code injection vulnerability due to a lack
of input validation and output sanitization of the following profile entries:
    [+] home
    [+] office
    [+] mobile
Proof of Concept:
The following HTML codes can be used to trigger the described vulnerability:
--- SNIP ---
    [+] Home Phone Number:
    <b>INJECTION HERE</b>
    [+] Office Phone Number:
    <center><i>INJECTION HERE</i></center>
    [+] Mobile Phone Number:
    <a href="#">INJECTION HERE</a>
Impact:
An attacker could, for example, inject HTML/JavaScript code. It has not been verified, though, whether it is possible to hijack cookies or to attack the underlying operating system. An attacker could try using external .js files...
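
The two missing controls named in the problem description, input validation and output sanitization, can be shown against the three PoC values above. This is an added example, not code from Skype or from the advisory; the function names, the phone-number grammar and the table-row markup are assumptions chosen for illustration.

```javascript
// Added example. The PoC strings are copied from the advisory; everything else is assumed.

// Input validation: allowlist of what a phone number may contain
// (optional leading "+", then digits, spaces, dots, dashes, parentheses).
const PHONE_RE = /^\+?[0-9 ().-]{3,32}$/;

function validatePhoneField(value) {
  if (typeof value !== "string") return { ok: false, reason: "not a string" };
  const v = value.trim();
  if (!PHONE_RE.test(v)) return { ok: false, reason: "illegal characters or length" };
  const digits = v.replace(/[^0-9]/g, "");
  // Assumed bound: at most 15 digits, as in E.164 numbering.
  if (digits.length < 3 || digits.length > 15) return { ok: false, reason: "digit count out of range" };
  return { ok: true, value: v };
}

// Output sanitization: encode HTML metacharacters so a stored value is
// displayed as text even if validation was bypassed or added later.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hypothetical renderer for one profile row; both cells are encoded.
function renderProfileRow(label, storedValue) {
  return "<tr><td>" + escapeHtml(label) + "</td><td>" + escapeHtml(storedValue) + "</td></tr>";
}

// The three profile entries from the advisory's proof of concept.
const pocValues = {
  home: "<b>INJECTION HERE</b>",
  office: "<center><i>INJECTION HERE</i></center>",
  mobile: '<a href="#">INJECTION HERE</a>',
};

// Run both layers over a set of profile fields and report the outcome.
function checkProfile(fields) {
  const report = {};
  for (const [name, value] of Object.entries(fields)) {
    report[name] = {
      accepted: validatePhoneField(value).ok,
      rendered: renderProfileRow(name, value),
    };
  }
  return report;
}
```

Validation rejects all three PoC values at write time, and encoding on output keeps any value already stored in a contact's profile from being interpreted as markup when another client displays it.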
