Skype < 22.214.171.124 Multiple Vulnerabilities (uncredentialed check)
Critical Nessus Plugin ID 21209
SynopsisArbitrary code can be executed on the remote host.
DescriptionThe remote host is running Skype, a peer-to-peer voice over IP software.
The remote version of this software is vulnerable to a heap overflow in the handling of its data structures. An attacker can exploit this flaw by sending a specially crafted network packet to UDP or TCP ports Skype is listening on. A successful exploitation of this flaw will result in code execution on the remote host.
In addition, Skype has been reported to contain overflows in the handling of VCards and callto/skype URLs. However, Nessus has not checked for them.
SolutionUpgrade to skype version 126.96.36.199 or later.