Skype Technologies » Skype : Security Vulnerabilities, CVEs, Published In 2007

Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.

Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.