Skype Technologies URI Handler Remote Code Execution
Medium Nessus Network Monitor Plugin ID 4531
SynopsisThe remote host may be tricked into running an executable file
DescriptionThe version of Skype installed on the remote host is vulnerable to a flaw wherein specially formatted 'file://' URI will allow the download and execution of executable files. An attacker, exploiting this flaw, would need to be able to coerce a user into browsing a malicious URI. Successful exploitation would result in the attacker executing arbitrary code.
SolutionUpgrade to Skype release 220.127.116.11.