Bill Brenner of SearchSecurity.com writes:
Skype Technologies S.A. recommends users update their software to fix “high-risk” security holes attackers could exploit to cause a denial-of-service or launch malicious code. The vulnerabilities affect Skype software for Windows, Mac OS X, Linux and Pocket PC.
The Luxembourg-based Internet telephony service provider, which allows users to make free calls between computers or low-cost calls to regular telephones not connected to the Internet, said one problem is that “Skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://.” Skype could also be used to launch malicious code “during importation of a VCARD that is in a specific non-standard format…
[Continue reading High-risk flaws in Skype]