Skype URI callto username overflow
Here is a cute little URI I found crashing skype on it's latest version
(0.98.0.04).
It's proboby a buffer overflow of some sort, so, a special crafted URI culd
potentionally lead to remote code execution.
(would probobly be extreamly hard doing it threw a URI, but still an option)
callto://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/
If you really really want this not to happend to you, u shuld remove the
reffering registry entrance to "callto://" in URI's
Regards,
Hillel Himovich
"HLL"
HLL@xxxxxxxxxxxxxxxx