| VID |
28270 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
According to its timestamp, the version of Skype installed on the remote Windows host fails to sanitize input in its URI handler to its '/Datapath' argument, which specifies the location of the Skype configuration files and security policy.
If an attacker can trick a user on the affected system into clicking on a specially crafted link, he may be able to have the client use a Datapath location on a remote SMB share. In turn, this could lead to man-in-the-middle attacks or the disclosure of sensitive information, such as call history associated with the user.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.security-assessment.com/files/advisories/Skype_URI_Handling_Vulnerability.pdf
http://www.securityfocus.com/archive/1/510017/30/0/threaded
https://developer.skype.com/WindowsSkype/ReleaseNotes
http://share.skype.com/sites/garage/2010/03/10/ReleaseNotes_4.2.0.155.pdf |
| Recommendation |
Upgrade to the latest version of Skype (4.2.0.155 or later), available from the Skype Web site at http://www.skype.com/products/skype/windows/ |
| Related URL |
(CVE) |
| Related URL |
38699 (SecurityFocus) |
| Related URL |
(ISS) |
|
