A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
Discovery of this vulnerability is credited to Hillel Himovich <email@example.com>.
Skype Technologies Skype 0.98.0.04
Skype is reported to be prone to a buffer overrun vulnerability.
The vulnerability is reported to occur due to a lack of bounds checking performed on "callto://" URI data, when a callto URI is followed.
This may result in the corruption of sensitive regions of memory. Ultimately, it is conjectured that this issue may be exploited to execute arbitrary code in the context of a user who follows a malicious URI.
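The missing bounds check described above, shown from the defender's side as an added example (not Skype's code and not part of the original advisory): a hypothetical `parse_callto` handler that measures the URI target against a limit before copying it. The 64-byte limit, the function name and the status codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CALLTO_SCHEME     "callto://"
#define CALLTO_MAX_TARGET 64          /* assumed limit, not a Skype value */

enum callto_status {
    CALLTO_OK = 0, CALLTO_BAD_ARG, CALLTO_BAD_SCHEME, CALLTO_EMPTY, CALLTO_TOO_LONG
};

/* Case-insensitive scheme match; stops at the URI's NUL, never reads past it. */
static int has_scheme(const char *uri, const char *scheme)
{
    for (; *scheme; uri++, scheme++)
        if (tolower((unsigned char)*uri) != *scheme)
            return 0;
    return 1;
}

/* Copy the target of a callto:// URI into out (outlen bytes, NUL included).
 * The length is established before any byte is written, so an oversized
 * URI is rejected instead of overrunning or silently truncating. */
enum callto_status parse_callto(const char *uri, char *out, size_t outlen)
{
    size_t n;

    if (uri == NULL || out == NULL || outlen == 0)
        return CALLTO_BAD_ARG;
    out[0] = '\0';

    if (!has_scheme(uri, CALLTO_SCHEME))
        return CALLTO_BAD_SCHEME;
    uri += sizeof(CALLTO_SCHEME) - 1;

    /* Bounded scan: gives up one byte past the limit, however long the input. */
    for (n = 0; n <= CALLTO_MAX_TARGET && uri[n] != '\0'; n++)
        ;
    if (n == 0)
        return CALLTO_EMPTY;
    if (n > CALLTO_MAX_TARGET || n >= outlen)
        return CALLTO_TOO_LONG;

    memcpy(out, uri, n);
    out[n] = '\0';
    return CALLTO_OK;
}
```

The same length check applies to command line arguments, the other input path the description names.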
Currently we are not aware of any exploits for this issue.
The vendor has released an update to address this issue: