-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----- Start of announcement -----

June 15, 2004

SKYPE SECURITY ADVISORY SSA-2004-01: CALLTO HANDLING RANGE CHECK ERROR

Overview

Early versions of Skype for Windows contain a range check error vulnerability that could possibly allow a remote attacker to crash a Skype instance.

Systems Affected

Microsoft Windows systems running Skype for Windows versions earlier than 0.98.0.28

I. Description

A range check error exists in the way Skype parses command-line arguments. If Skype is executed with a command line longer than approximately 255 characters, Skype would report an Access Violation and terminate. The vulnerability can not be used for malicious code execution.

II. Impact

By inducing a user to click on a specially crafted callto: URL on a web page or in an HTML e-mail message, an attacker could cause Skype to crash.

III. Solution

Upgrade to Skype for Windows 0.98.0.28 or higher.

http://www.skype.com/download/

IV. Credit

Skype thanks Hillel Himovich for discovering and reporting this issue.

Contact

The security of users is Skype's highest priority. You can contact Skype Product Security Incident Response Team (PSIRT) by e-mailing security@skype.net. Past advisories and the Skype PSIRT PGP key are available at http://www.skype.com/security/.

- ----- End of announcement -----

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQZth1OQJFIMBnbtDEQLlfACgwJPJFSUA7ybBLZpRwB61jCcADckAoOYX
XzdhQcyE4ju1LgJO288FaWyd
=j3p5
-----END PGP SIGNATURE-----
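
Added example, not part of the advisory and not Skype's code: a C sketch of the kind of range check the Description refers to, applied to a callto: argument before it is copied into a fixed-size buffer. The names parse_callto and TARGET_MAX, the status codes, the 64-byte limit and the allowed character set are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CALLTO_SCHEME "callto:"
#define TARGET_MAX 64 /* assumed buffer size for this sketch */

enum callto_status { CALLTO_OK, CALLTO_BAD_SCHEME, CALLTO_EMPTY,
                     CALLTO_TOO_LONG, CALLTO_BAD_CHAR };

/* Copy the target of a "callto:" argument into out (outlen bytes).
 * All lengths are checked before any byte is copied, so an oversized
 * argument is rejected with an error instead of overrunning out.
 * Only the lower-case scheme is accepted in this sketch. */
enum callto_status parse_callto(const char *arg, char *out, size_t outlen)
{
    size_t scheme_len = strlen(CALLTO_SCHEME), n = 0, i;

    if (arg == NULL || out == NULL || outlen == 0)
        return CALLTO_EMPTY;
    out[0] = '\0';
    if (strncmp(arg, CALLTO_SCHEME, scheme_len) != 0)
        return CALLTO_BAD_SCHEME;
    arg += scheme_len;
    /* Bounded scan: never reads more than outlen bytes of the target. */
    while (n < outlen && arg[n] != '\0')
        n++;
    if (n == 0)
        return CALLTO_EMPTY;
    if (n >= outlen) /* the range check: leave room for the NUL */
        return CALLTO_TOO_LONG;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)arg[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' ||
                 c == '-' || c == '+'; /* assumed allowed set */
        if (!ok)
            return CALLTO_BAD_CHAR;
    }
    memcpy(out, arg, n);
    out[n] = '\0';
    return CALLTO_OK;
}

int main(void)
{
    char target[TARGET_MAX];
    /* Constructed sample input. */
    enum callto_status st = parse_callto("callto:echo123", target, sizeof target);
    printf("status=%d target=%s\n", (int)st, target);
    return 0;
}
```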