Skype Bug May Expose Users to Malicious Code

http://www.theregister.co.uk/2011/08/22/skype_security_bug/

"The XSS, or cross-site scripting, vulnerability in Skype 5.5.0.113 is
the result of the voice-over-IP client failing to inspect user-supplied
phone numbers for malicious code, researcher Levent Kayan said. As a
result, attackers might be able to exploit the bug to inject commands or
scripts that hijack the machine running the program.

'An attacker could for example inject HTML/JavaScript code,' Kayan wrote
in an advisory published on Wednesday. 'It has not been verified though,
if it's possible to hijack cookies or to attack the underlying operating
system.' An attacker might also exploit the vulnerability to remotely
execute malicious JavaScript files on external websites, he said."

Please reply back to this ticket if you found this security alert useful.