Vulnerability Solutions

The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see the solutions for the most recently added vulnerabilities scanned by WatchMouse, go to the Vulnerability Solutions overview.

Category: Windows
Risk factor: Medium
Added: 16 Mar 2010
Synopsis:

The remote Skype client is affected by an information disclosure vulnerability.

Description:

According to its timestamp, the version of Skype installed on the remote Windows host fails to sanitize input passed to the '/Datapath' argument of its URI handler. This argument specifies the location of the Skype configuration files and security policy.

If an attacker can trick a user on the affected system into clicking on a specially crafted link, he may be able to have the client use a Datapath location on a remote SMB share. In turn, this could lead to man-in-the-middle attacks or the disclosure of sensitive information, such as call history associated with the user.

See also:

http://www.security-assessment.com/files/advisories/Skype_URI_Handling_Vulnerability.pdf
http://www.securityfocus.com/archive/1/510017/30/0/threaded
https://developer.skype.com/WindowsSkype/ReleaseNotes
http://share.skype.com/sites/garage/2010/03/10/ReleaseNotes_4.2.0.155.pdf

Solution:

Upgrade to Skype 4.2.0.155 or later.

Risk factor:

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)