This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote Skype client is affected by an information disclosure
According to its timestamp, the version of Skype installed on the
remote Windows host fails to sanitize input in its URI handler to its
'/Datapath' argument, which specifies the location of the Skype
configuration files and security policy.
If an attacker can trick a user on the affected system into clicking
on a specially crafted link, the client could be made to use a
Datapath location on a remote SMB share. In turn, this could lead to
man-in-the-middle attacks or the disclosure of sensitive information,
such as call history associated with the user.
See also :
Upgrade to Skype 18.104.22.168 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true