Skype Technologies Skype 1.5 - NSRunAlertPanel Remote Format String

EDB-ID: 28710

Platform: OSX

Date: 2006-09-26


source: https://www.securityfocus.com/bid/20218/info

Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing function.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, potentially facilitating the remote compromise of affected computers.

Skype 1.5.0.79 and prior versions for Apple Mac OS X are vulnerable to this issue.

IFRAME SRC=skype:%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
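
The bug class described above, next to its fix, as an added example in C (not code from Skype or from the original advisory). `alert_panel` is a hypothetical stand-in for a printf-style API such as NSRunAlertPanel, whose message parameter is a format string; the sample URI is constructed and contains only `%%`, which consumes no argument, so the unsafe path stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style alert API: msg_format is a
 * format string that is expanded with the variadic arguments. */
static int alert_panel(char *out, size_t cap, const char *msg_format, ...)
{
    va_list ap;
    va_start(ap, msg_format);
    int n = vsnprintf(out, cap, msg_format, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE pattern: the untrusted URI is used as the format string, so
 * every '%' in it is parsed as a conversion specification. */
int show_uri_unsafe(char *out, size_t cap, const char *untrusted_uri)
{
    return alert_panel(out, cap, untrusted_uri);
}

/* FIXED pattern: constant format, untrusted data passed only as an argument. */
int show_uri_safe(char *out, size_t cap, const char *untrusted_uri)
{
    return alert_panel(out, cap, "%s", untrusted_uri);
}

/* Triage helper: 1 if s holds any '%' directive other than the literal "%%". */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    const char *uri = "skype:50%%off"; /* constructed sample input */
    show_uri_unsafe(buf, sizeof buf, uri);
    printf("unsafe: %s\n", buf); /* "%%" was interpreted and collapsed */
    show_uri_safe(buf, sizeof buf, uri);
    printf("safe:   %s\n", buf); /* input reproduced byte for byte */
    return 0;
}
```

The collapsed `%%` in the unsafe output is the visible sign that attacker-controlled text reached the format parser; compiler warnings such as `-Wformat-security` flag the same pattern when a non-literal string is passed directly to a printf-family function.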