Skype versions 5.5.0.113 and below on Windows suffer from HTML and JavaScript injection vulnerabilities.
+-----------------------------------------------------------------------------+
| noptrix.net - Public Security Advisory |
+-----------------------------------------------------------------------------+
Date:
-----
08/17/2011
Vendor:
-------
Skype Limited - http://www.skype.com/
Affected Software:
------------------
Software: Skype
Version: <= 5.5.0.113
Affected Platforms:
-------------------
Windows (XP, Vista, 7)
Vulnerability Class:
--------------------
HTML/(Javascript) code injection
Description:
------------
Skype suffers from a persistent code injection vulnerability due to a lack
of input validation and output sanitization of the following profile entries:
- home
- office
- mobile
Proof of Concept:
-----------------
The following HTML codes can be used to trigger the described vulnerability:
--- SNIP ---
Home Phone Number:
<b>INJECTION HERE</b>
Office Phone Number:
<center><i>INJECTION HERE</i></center>
Mobile Phone Number:
<a href="#">INJECTION HERE</a>
--- SNIP ---
For a PoC demonstration see:
- http://www.noptrix.net/tmp/skype_inject.png
Impact:
-------
An attacker could, for example, inject HTML/JavaScript code. It has not been
verified, though, whether it is possible to hijack cookies or to attack the
underlying operating system. An attacker could try using external .js files...
Threat Level:
-------------
Low - ?
Solution:
---------
skype.com has to validate the input characters and sanitize the output.
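The two controls named above, run against the three PoC strings, as an added
example (not Skype's code and not part of the original advisory). The phone
number pattern, the function names and the table markup are assumptions made
for illustration.

```python
import html
import re

# Assumed rule (not Skype's): optional '+', a digit, then 2-31 digits/separators.
PHONE_RE = re.compile(r"\+?[0-9][0-9 ().\-]{2,31}")
PHONE_FIELDS = ("home", "office", "mobile")  # entries named in the advisory


def validate_phone(value):
    """Input validation: return the trimmed number, '' if unset, else raise."""
    value = value.strip()
    if value and not PHONE_RE.fullmatch(value):
        raise ValueError("not a phone number: %r" % value)
    return value


def sanitize_profile(profile):
    """Blank out entries that fail validation; return (clean, rejected)."""
    clean, rejected = {}, []
    for field in PHONE_FIELDS:
        try:
            clean[field] = validate_phone(profile.get(field, ""))
        except ValueError:
            clean[field] = ""
            rejected.append(field)
    return clean, rejected


def render_profile(profile):
    """Output sanitization: escape every value when building markup, even if
    it was validated on input, since stored data may predate the check."""
    rows = ["<tr><td>%s</td><td>%s</td></tr>"
            % (field, html.escape(profile.get(field, ""), quote=True))
            for field in PHONE_FIELDS]
    return "<table>" + "".join(rows) + "</table>"


# Constructed samples: the advisory's three PoC strings, and a benign profile.
POC_PROFILE = {
    "home": "<b>INJECTION HERE</b>",
    "office": "<center><i>INJECTION HERE</i></center>",
    "mobile": '<a href="#">INJECTION HERE</a>',
}
GOOD_PROFILE = {"home": "+49 (30) 1234-5678", "office": "", "mobile": "0170 1234567"}

if __name__ == "__main__":
    print(sanitize_profile(POC_PROFILE))  # all three entries rejected
    print(render_profile(POC_PROFILE))    # markup shown as inert text
```

Either control alone stops the PoC; applying both covers profiles stored
before validation existed and clients that skip it.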
Status:
-------
Skype hasn't fixed the issue yet.