The EADS/CRC security team discovered a flaw in Skype client. An attacker can send a specially crafted packet that will trigger a heap overflow condition and execute arbitrary code on the target. Hence, an attacker can gain full control of the target. Conversely to what is written in Skype’s advisory, remote code execution IS possible. Affected Versions: Skype for Windows – All releases prior to and including 1.4.*.83, Skype for Mac OS X – All releases prior to and including 1.3.*.16, Skype for Linux – All releases prior to and including 1.2.*.17, Skype for Pocket PC – All releases prior to and including 1.1.*.6.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/40993/skypeRealData.txt
Source: https://packetstormsecurity.com/files/40993/skypeRealData.txt.html