OSVDB ID: 84089

Title: Skype Pre-crash Arbitrary User Private Instant Message Disclosure

Dates

Disclosure: Jul 16, 2012
Discovery: Unknown
Exploit: Jul 16, 2012
Solution: Jul 17, 2012

Description

Skype contains a flaw that may lead to unauthorized information disclosure. The issue occurs while the program is crashing: it may send a private message intended for one person to a different person on your contact list. Reports indicate this may be sporadic behavior and may not be controllable by an attacker. However, sensitive messages may be disclosed to someone you did not intend to receive them.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Race Condition
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version 4.0.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Skype Technologies S.A.

Skype

5.9
5.10
5.8
4.0
1.2

Skype for Android

2.8

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84089