Skype Vulnerable to HTML/(Javascript) Code Injection

New HTML Javascript Code Injection vulnerability have been discovered in Skype the flaw code and PoC are published on Noptrix website, affected software version is Skype 5.5.0.113 or older that are installed on windows XP , Vista or se7en.

Skype suffers from a persistent code injection vulnerability due to a lack of input validation an attacker could for example inject HTML/Javascript code that allows him to hijack cookies or to attack the underlying operating system.

Share
You can leave a response, or trackback from your own site.