Bugtraq mailing list archives
Skype URI callto username overflow
From: Hillel Himovich <hll () netvision net il>
Date: 10 Jun 2004 00:46:45 -0000
Here is a cute little URI I found crashing skype on it's latest version (0.98.0.04). It's proboby a buffer overflow of some sort, so, a special crafted URI culd potentionally lead to remote code execution. (would probobly be extreamly hard doing it threw a URI, but still an option) callto://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/ If you really really want this not to happend to you, u shuld remove the reffering registry entrance to "callto://" in URI's Regards, Hillel Himovich "HLL" HLL () netvision net il
Current thread:
- Skype URI callto username overflow Hillel Himovich (Jun 14)