Skype URI callto username overflow

[Hillel Himovich <hll () netvision net il>]

Here is a cute little URI I found crashing skype on it's latest version (0.98.0.04).
It's proboby a buffer overflow of some sort, so, a special crafted URI culd potentionally lead to remote code execution.
(would probobly be extreamly hard doing it threw a URI, but still an option)

callto://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/

If you really really want this not to happend to you, u shuld remove the reffering registry entrance to "callto://" in 
URI's

Regards,
Hillel Himovich
"HLL"
HLL () netvision net il