Zero Day Initiative Advisory 10-028 – This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype’s handling of the ‘skype-plugin:’ protocol. An attacker can specify a malicious URI, that upon clicking, will trigger the deletion of an arbitrary attacker specified XML file.
.::anti-abuse.com::.
Security Revealed
Advertisments
Popular Tags
Recent Entries
- Info World: AT&T won’t stop Black Hat demo of cell phone eavesdropping “The operator denies rumors it will try to block a hacker’s demonstration of cell phone call interception at the Black Hat conference”
- c|net: Black Hat shines light on security (roundup)
- Bugtraq: CFP NcN 2010
- Bugtraq: [security bulletin] HPSBUX02556 SSRT100014 rev.2 – HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
- Spotlight on Linux: SimplyMEPIS 8.5.x
- Infocon: green
- Web Traffic Analysis with httpry, (Fri, Jul 30th)
- Bugtraq: [HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
- 6 Ways to Make Sure Your Sex Life Stays Private
- Information Security Investigator: BlackHat 2010 Video! The ATM Hack and Jackpot
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Feb | Apr » | |||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 | ||||
No user commented in " ZDI-10-028.txt "
Follow-up comment rss or Leave a Trackback