szczypek-zaba
Użytkownik
- Dołączył
- Styczeń 11, 2005
- Posty
- 49
http://www.frsirt.com/english/advisories/2005/2197
exploit zostal oznaczony CRITICAL
prosiłbym obeznanych z tematem o szersze info w PL
Kod:
Advisory ID : FrSIRT/ADV-2005-2197
CVE ID : CVE-2005-3265 - CVE-2005-3267
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-25
* Technical Description *
Multiple vulnerabilities were identified in Skype, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service.
The first issue is due to buffer overflow errors when processing a specially crafted "callto://" or "skype://" URL, which could be exploited by attackers to execute arbitrary commands.
The second vulnerability is due to an error when importing non-standard VCARD files, which could be exploited by attackers to compromise a vulnerable system by convincing a user to import a malicious VCARD.
The third flaw is due to an unspecified error in a specific networking routine, which could be exploited by attackers to execute arbitrary commands or cause a denial of service.
* Affected Products *
Skype for Windows Release 1.4.*.83 and prior
Skype for Mac OS X Release 1.3.*.16 and prior
Skype for Linux Release 1.2.*.17 and prior
Skype for Pocket PC Release 1.1.*.6 and prior
* Solution *
Apply patches :
[url]http://www.skype.com/download/[/url]
* References *
[url]http://www.frsirt.com/english/advisories/2005/2197[/url]
[url]http://www.skype.com/security/skype-sb-2005-02.html[/url]
[url]http://www.skype.com/security/skype-sb-2005-03.html[/url]
[url]http://www.pentest.co.uk/documents/ptl-2005-01.html[/url]
* Credits *
Vulnerabilities reported by Mark Rowe, Joe Moore and Imad Lahoud.prosiłbym obeznanych z tematem o szersze info w PL