November 29, 2015

Skype Code Injection Vulnerability

(LiveHacking.Com) – has published details of a new a Skype HTML/Javascript code injection vulnerability. Affecting Skype versions <= on Windows (XP, Vista, 7), the advisory describes a persistent code injection vulnerability due to a lack of input validation and output sanitization of home, office and mobile profile entries.

By using this vulnerability an attacker could inject HTML/Javascript code. has not verified if it’s possible to hijack cookies or to attack the underlying operating system.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks


  1. I´ve followed the steps of Noptrix ( and i believe it is possible to hijack the cookies with the help of Fiddler… Someone please correct me if i´m wrong… i´ll update soon :)

  2. Yes, it is working fine with the last version in Windows.

  3. All versions of Skype are vulnerable.