Recent Posts
- SnortReport nmap.php target Parameter Arbitrary Command Execution
- Privacy in iTunes Ping
- Mandriva: 2010:170: wget
- New Bento 3 Project Manager
- Gentoo: 201009-01: wxGTK: User-assisted execution of arbitrary code
Categories
- Apple Security Updates
- CVE Vulnerabilities
- Debian Advisories
- Fedora Advisories
- Foresight Advisories
- FreeBSD Advisories
- Gentoo Advisories
- Linux Vulnerabilities
- Mandriva Advisories
- Microsoft Security Response Center
- Microsoft Vulnerabilities
- Nessus Plugin Updates
- Product Updates
- Red Hat Advisories
- Slackware Advisories
- Suse Advisories
- Ubuntu Advisories
Skype skype: URI Handling /Datapath Argument Injection Settings Manipulation (credentialed check)
Last Updated: March 16, 2010
Synopsis : The remote Skype client is affected by an information disclosure vulnerability. Description : According to its timestamp, the version of Skype installed on the remote Windows host fails to sanitize input in its URI handler to its ‘/Datapath’ argument, which specifies the location of the Skype configuration files and security policy. If an attacker can trick a user on the affected system into clicking on a specially crafted link, he may be able to have the client use a Datapath location on a remote SMB share.
Read more:
Skype skype: URI Handling /Datapath Argument Injection Settings Manipulation (credentialed check)
Leave a Comment