While Skype issued a low-priority patch at the time, a 28-year-old Armenian-based security engineer, Levent "noptrix" Kayan, claimed on Wednesday night that a similar XSS vulnerability existed elsewhere in Skype's software. He said that the failure to sanitise certain user information or the output rendered in Skype clients could still allow code to be executed.
In particular, Kayan claimed that he could see remote users' session information, which he said a malicious user could utilise to masquerade as the remote user and make calls on their account. He also said it could be used to take advantage of other holes, possibly allowing full control over the PC. Both of the latest versions of Windows and Mac clients are affected.
LINK TO OUR HOME PAGE :