brainslicer
Posted 18 January 2008

Researchers Find Code Execution Bug in Skype

Security researchers have found a serious security vulnerability that could result in PC hijack attacks against users of the wildly popular Skype voice chat tool. The issue, described by Aviv Raff as a cross-zone scripting vulnerability, could allow hackers to use rigged video files to launch full code execution (PC takeover) attacks.

I noticed that parts of the Skype traffic go over an unencrypted channel. After further investigation, I found out that the unencrypted packets are part of Skype's ads, which are pulled in several places, some of which end up within the unrestricted IE controller. With the help of tools like Airpwn or Karma, attackers can easily hijack [those] ads and replace them with malicious ones. Upon rendering, malicious code will execute within the unrestricted IE controller and as such will allow the bad guys in. This type of attack is very easy to pull and it requires almost zero preparation.

Serious bug in Skype opens the door to attackers

Security researcher Aviv Raff has discovered a serious security flaw in the IP telephony program Skype. A manipulated video file can be used to completely take over the computer Skype is installed on.