(LiveHacking.Com) – Noptrix.net has published details of a new a Skype HTML/Javascript code injection vulnerability. Affecting Skype versions <= 5.5.0.113 on Windows (XP, Vista, 7), the advisory describes a persistent code injection vulnerability due to a lack of input validation and output sanitization of home, office and mobile profile entries.
By using this vulnerability an attacker could inject HTML/Javascript code. Noptrix.net has not verified if it’s possible to hijack cookies or to attack the underlying operating system.
I´ve followed the steps of Noptrix (http://packetstormsecurity.org/files/view/104155/skypeinject-xss.txt) and i believe it is possible to hijack the cookies with the help of Fiddler… Someone please correct me if i´m wrong… i´ll update soon 🙂
Yes, it is working fine with the last version in Windows.
All versions of Skype are vulnerable.