Since the previous versions are vulnerable

Dec 7, 2007 08:28 GMT

Skype, the popular VoIP client, is again the main subject of today's security news, after the Zero Day Initiative reported a new vulnerability in versions prior to 3.6. Security company Secunia rated the flaw, titled the 'skype4com URI Handler Heap Corruption Vulnerability', as highly critical and urged users to update to the latest version of the application to avoid potential exploitation.

"A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system," Secunia noted in the notification published today.

"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page," Zero Day Initiative wrote in the security advisory.

"The specific flaw exists within the 'skype4com' URI handler created by Skype during installation. When processing short string values through this handler an exploitable memory corruption may occur which can result in arbitrary code execution under the context of the current user."

Skype was informed about the issue on November 2, 2007, and only 13 days later it released version 3.6, which was supposed to correct the issue and keep users secure.

VoIP technology has been pretty popular among Internet users, recording millions of downloads from people all around the world. For example, Skype got 287,067 hits on Softpedia, with no other similar solution attracting as many downloads. Skype was built by the people who also developed Kazaa and is available on multiple platforms, including Windows, Linux and Mac.

Skype 3.6.0.216 was released on November 15 and is available for download on Softpedia. The Linux version and the latest Mac release are available as well.