In association with heise online

07 February 2008, 11:24

Skype closes scripting holes in Windows client

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Skype has released an update for its eponymous VoIP client to remedy a cross-zone scripting vulnerability and other bugs. The vulnerability allows manipulated videos from Dailymotion and Metacafe to inject malicious code. While awaiting the release of this update, Skype has been blocking access to these partner websites. Now, the update forces all HTML content to run in the internet zone instead of the local zone.

The new version also contains a blacklist and a whitelist to determine which programs have access to Skype's public API. In addition, connection speeds from the Skype network to "restrictive network environments" have been improved. The new version of the client also fixes several other flaws. Users can either use Skype's update function or download the software manually.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit