Skype File URI Security Bypass Code Execution Vulnerability


Idefense has published my advisory about a potential security vulnerability in Skype. Explotation of this issue allows an attacker to execute arbitrary code.
To exploit it, an attacker needs to construct and send to the victim (as a skype chat message) a malicious file: URI. There are two flaws with this advisory. Once of them is […]