News Document Title:
====================
Noptrix released new persistent Skype Vulnerability


Release Date:
=============
2011-08-19


Laboratory Article:
===================
A persistent input validation vulnerability is detected on Skype (VoIP) 5.5.x 5.3.x Windows & Macos.
The vulnerability allows an remote attacker to implement malicious persistent script code over an input field (phone number entries)
on the user profile settings. The successfully exploitation of the vulnerability allows an attacker to hijack customer 
sessions or can lead to malicous persistent script code execution over the review display listing of the User Profil.

Vulnerable Module(s):

			[+] Profile Input Field - Home & office
            		[+] Profile Input Field - Mobile & Office Phone
            		[+] Profile Input Field - Website URL

Affected:
			[+] Profile Card - Listing

Risk:
The security risk of the  persistent input validation vulnerabilities are estimated as medium(+).


News/Press:
http://www.golem.de/1108/85829.html
http://www.gulli.com/news/16891-skype-mit-neuer-sicherheitsluecke-2011-08-18
http://www.noptrix.net/advisories/skype_inject.txt