Description: Several vulnerabilities were reported in Microsoft Internet Explorer, affecting Windows XP SP2. A remote user can take full control of the target user's system.
Finjan issued a press release reporting several vulnerabilities in Microsoft Windows XP SP2. According to the report, a remote user can create a specially crafted web page that, when loaded by the target user, will silently take full control of the target user's system.
It is reported that a remote user can access files on the target user's system, execute scripting code in the local computer zone, and bypass the SP2 file download warning mechanism so that arbitrary code is downloaded to the target user's computer without any warning to the target user.
No further details were provided.
In a ComputerWorld article, Microsoft was quoted as questioning the accuracy of the Finjan claims.
Impact: A remote user can bypass the file download security mechanism in Windows XP SP2 and can execute arbitrary scripting code in the local computer zone to take full control of the target user's system.
Solution: No solution was available at the time of this entry.
Skype "callto:" URI Handler Buffer Overflow Vulnerability
A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the handling of command line arguments. This can be exploited to cause a stack-based buffer overflow, for example by tricking a user into visiting a malicious web site that passes an overly long string (more than 4096 bytes) to the "callto:" URI handler.
Successful exploitation may allow execution of arbitrary code.
The vulnerability affects versions 1.0.*.95 through 1.0.*.98.
Update to version 18.104.22.168.
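The boundary check that the "callto:" description above says was missing, as an added example; it is not Skype's code and not part of the original advisory. The function name, status codes, 4096-byte destination size and character allow-list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed destination size, taken from the advisory's 4096-byte figure. */
#define CALLTO_BUF 4096

enum callto_status { CALLTO_OK, CALLTO_BAD_ARG, CALLTO_BAD_SCHEME,
                     CALLTO_EMPTY, CALLTO_TOO_LONG, CALLTO_BAD_CHAR };

/* Hypothetical handler entry point: validates the URI passed on the command
 * line and copies the target into out (outsz bytes). The unsafe pattern is an
 * unchecked copy such as strcpy(fixed_stack_buffer, arg). */
enum callto_status parse_callto(const char *arg, char *out, size_t outsz)
{
    static const char scheme[] = "callto:";
    size_t i, n;

    if (arg == NULL || out == NULL || outsz == 0)
        return CALLTO_BAD_ARG;
    out[0] = '\0';

    /* Case-insensitive scheme match; stops at the first mismatch or NUL. */
    for (i = 0; scheme[i] != '\0'; i++)
        if (tolower((unsigned char)arg[i]) != scheme[i])
            return CALLTO_BAD_SCHEME;
    arg += i;
    while (*arg == '/')                 /* tolerate callto://target */
        arg++;

    /* Bounded length scan: look at no more than outsz bytes. */
    const char *end = memchr(arg, '\0', outsz);
    if (end == NULL)
        return CALLTO_TOO_LONG;         /* reject; never truncate silently */
    n = (size_t)(end - arg);
    if (n == 0)
        return CALLTO_EMPTY;

    /* Allow-list (an assumption): name or number characters only. */
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!isalnum(c) && strchr("._-+,", c) == NULL)
            return CALLTO_BAD_CHAR;
    }
    memcpy(out, arg, n + 1);            /* n + 1 <= outsz, includes the NUL */
    return CALLTO_OK;
}
```

Over-long input is rejected outright instead of being truncated, so a caller never acts on a partially copied target.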