0
images/news/skype.jpgSkype has fixed a critical security hole in the latest version of its Windows VoIP software, which could have allowed specially crafted websites to load and run malicious code on victims' PCs.
The URI handler skype4com, which the Skype software creates to handle web addresses, can fail when handling short strings, producing a memory violation that allows code to be written to memory.
"It is clear that Skype has once again closed critical holes furtively without informing users at all," said security website Heise Security. Users of older versions of the software should make sure they are running the latest version of Skype — version 3.6.
Security research firm Secunia, which rated the flaw as critical, offers a Software Inspector that should determine if a PC is vulnerable. Meanwhile, Skype has been criticised by users for allegedly not responding to bug reports.
The URI handler skype4com, which the Skype software creates to handle web addresses, can fail when handling short strings, producing a memory violation that allows code to be written to memory.
"It is clear that Skype has once again closed critical holes furtively without informing users at all," said security website Heise Security. Users of older versions of the software should make sure they are running the latest version of Skype — version 3.6.
Security research firm Secunia, which rated the flaw as critical, offers a Software Inspector that should determine if a PC is vulnerable. Meanwhile, Skype has been criticised by users for allegedly not responding to bug reports.
