Skype's vulnerability could hit you in Hotspots

Israeli-based Security researcher Aviv Raff has discovered a weakness in Skype's way of rendering internal and external HTML pages that makes it particularly vulnerable to hackers.

Skype runs HTML pages in a non locked local zone mode which means that whoever is able to inject malicious code in one page rendered in the local zone could potentially execute code on the user's computer.

A proof of concept was made public by Raff and a fellow researcher Miroslav Lucinskij with more information available in a Skype security bulletin entitled "Skype Cross Zone Scripting Vulnerability".

Arstechnica reports that although this would require malware authors to find a trusted site which can be infected via a cross-zone scripting error, it is not particularly difficult to find such sites.

Computerworld mentions Security researcher and Penetration tester Petko Petkov who pointed to how easy it was to build an attack, "When a given resource executes within the Local Zone context, all sorts of things are possible like, including but not only, reading/writing files from the local disc and launching executables through the WSH primitives."

The vulnerability affects all versions of Windows-based Skype including the most up to date 3.6 and gave it a score of 10, the highest rating allowed.

The only way to make sure that your computer is not compromised is not to search for videos within Skype for a foreseeable future.