Below is the advisory from Secunia, a company specializing in IT security, concerning the serious bugs affecting Skype.
Level: Highly Critical
Description: Some vulnerabilities have been reported in Skype, which can be exploited by malicious people to cause a DoS or to compromise a user's system.
1) A boundary error exists when handling Skype-specific URI types e.g. "callto://" and "skype://". This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user clicks on a specially-crafted Skype-specific URL.
The vulnerability is related to: SA13191
2) A boundary error exists in the handling of VCARD imports. This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user imports a specially-crafted VCARD.
Vulnerabilities #1 and #2 have been reported in Skype for Windows Release 1.1.*.0 through 1.4.*.83.
3) A boundary error exists in the handling of certain unspecified Skype client network traffic. This can be exploited to cause a heap-based buffer overflow.
Successful exploitation crashes the Skype client.
The vulnerability has been reported in the following versions:
* Skype for Windows Release 1.4.*.83 and prior.
* Skype for Mac OS X Release 1.3.*.16 and prior.
* Skype for Linux Release 1.2.*.17 and prior.
* Skype for Pocket PC Release 1.1.*.6 and prior.
Solution: Update to the fixed version.
http://www.skype.com/download/
* Skype for Windows: Update to Release 1.4.*.84 or later.
* Skype for Mac OS X: Update to Release 1.3.*.17 or later.
* Skype for Linux: Update to Release 1.2.*.18 or later.
* Skype for Pocket PC: No patch is yet available.
Provided and/or discovered by: 1-2) Mark Rowe and Joe Moore, Pentest Limited.
3) Imad Lahoud, EADS Corporate Research Center.
Changelog: 2005-10-25: Updated credit and "Original Advisory" sections.
Original Advisory: Skype:
http://www.skype.com/security/skype-sb-2005-02.html
http://www.skype.com/security/skype-sb-2005-03.html
Pentest Limited:
http://www.pentest.co.uk/documents/ptl-2005-01.html
Other References: SA13191:
http://secunia.com/advisories/13191/
Source: Secunia.com
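An added example, not part of the Secunia advisory or of any Skype tooling: a small triage script that maps installed client versions to the advisory's three issues and to the listed fix. The platform keys, host names and sample inventory are constructed, and it assumes releases order by major, minor and final build number, with the wildcard third field ignored.

```python
import re

# Affected ranges transcribed from the advisory: (issue numbers, first, last).
# Versions are major.minor.*.build; the third field is a wildcard, so this
# sketch ASSUMES ordering is decided by (major, minor, build) alone.
AFFECTED = {
    "windows":  [((1, 2), (1, 1, 0), (1, 4, 83)), ((3,), None, (1, 4, 83))],
    "macosx":   [((3,), None, (1, 3, 16))],
    "linux":    [((3,), None, (1, 2, 17))],
    "pocketpc": [((3,), None, (1, 1, 6))],
}
# First fixed release per platform; None means the advisory lists no patch.
FIXED = {"windows": "1.4.*.84", "macosx": "1.3.*.17",
         "linux": "1.2.*.18", "pocketpc": None}

def parse_version(text):
    """Return (major, minor, build), ignoring the wildcard third field."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(?:\d+|\*)\.(\d+)", text.strip())
    if m is None:
        raise ValueError(f"not a Skype release string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(platform, version):
    """Map one installed client to the advisory's issue numbers and action."""
    key = parse_version(version)
    issues = sorted(
        n for ids, first, last in AFFECTED[platform]
        if (first is None or key >= first) and key <= last
        for n in ids
    )
    if not issues:
        action = "none"
    elif FIXED[platform] is None:
        action = "no patch available"
    else:
        action = f"update to {FIXED[platform]} or later"
    return {"issues": issues, "action": action}

# Constructed sample inventory (hypothetical hosts), not data from the page.
INVENTORY = [("pc-01", "windows", "1.4.0.83"), ("pc-02", "windows", "1.4.0.84"),
             ("mac-01", "macosx", "1.3.0.16"), ("pda-01", "pocketpc", "1.1.0.6")]

def audit(inventory):
    """Return only the hosts that still match an affected range."""
    hits = {}
    for host, platform, version in inventory:
        result = triage(platform, version)
        if result["issues"]:
            hits[host] = result
    return hits

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, result)
```

Windows releases older than 1.1 match only issue 3, because the advisory bounds issues 1 and 2 from below at 1.1.*.0.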