{"id":290,"date":"2007-12-09T20:58:15","date_gmt":"2007-12-09T23:58:15","guid":{"rendered":"https:\/\/www.talsoft-security.com\/site\/?p=290"},"modified":"2007-12-09T20:58:15","modified_gmt":"2007-12-09T23:58:15","slug":"ejecucion-remota-de-codigo-a-traves-en-skype","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/","title":{"rendered":"Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype"},"content":{"rendered":"<p>Se ha encontrado una vulnerabilidad en Skype, el popular software de VoIP (Voice over IP), que podr\u00c3\u00ada ser explotada por un atacante remoto para ejecutar c\u00c3\u00b3digo arbitrario, y de esa forma lograr el compromiso por completo del sistema afectado. El problema est\u00c3\u00a1 causado por un error en el manejador de URIs skype4com al procesar valores cortos de cadenas. Skype4com se crea durante el proceso de instalaci\u00c3\u00b3n de Skype. La vulnerabilidad podr\u00c3\u00ada ser explotada por un atacante remoto para corromper la memoria heap, lo que podr\u00c3\u00ada ser aprovechado por dicho atacante para llevar a cabo ejecuci\u00c3\u00b3n de c\u00c3\u00b3digo arbitrario en el sistema con los permisos del usuario ejecutando Skype. Para que la vulnerabilidad sea explotable, es necesario que el usuario visite una p\u00c3\u00a1gina web maliciosa. La vulnerabilidad fue notificada por un investigador an\u00c3\u00b3nimo a Skype Technologies el pasado d\u00c3\u00ada 2 de Noviembre y est\u00c3\u00a1 confirmada para todas las versiones anteriores a la 3.6 Gold, que vio la luz el pasado d\u00c3\u00ada 15. Una vez m\u00c3\u00a1s Skype ha cerrado la vulnerabilidad sin informar a sus usuarios (la \u00c3\u00baltima alerta de seguridad publicada por la compa\u00c3\u00b1\u00c3\u00ada data de Octubre de 2006). Los usuarios de Skype pudieron enterarse del problema el d\u00c3\u00ada de ayer en Zero Day Initiative, una web especializada en publicar las vulnerabilidades descubiertas de forma responsable, una vez que ya han sido parcheadas. Se recomienda actualizar a Skype 3.6 Gold o superior. En la actualidad, la \u00c3\u00baltima versi\u00c3\u00b3n disponible desde la p\u00c3\u00a1gina web del fabricante es la 3.6.0.216, que se puede descargar desde: http:\/\/www.skype.com\/go\/downloading Se recomienda no visitar ning\u00c3\u00ban enlace ni p\u00c3\u00a1gina web de dudosa procedencia.<\/p>\n<p>Fuente: Hispasec<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Se ha encontrado una vulnerabilidad en Skype, el popular software de VoIP (Voice over IP), que podr\u00c3\u00ada ser explotada por un atacante remoto para ejecutar c\u00c3\u00b3digo arbitrario, y de esa forma lograr el compromiso por completo del sistema afectado. El problema est\u00c3\u00a1 causado por un error en el manejador de URIs skype4com al procesar valores [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,1],"tags":[],"class_list":["post-290","post","type-post","status-publish","format-standard","hentry","category-noticias","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype\",\"datePublished\":\"2007-12-09T23:58:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/\"},\"wordCount\":297,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Noticias\",\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2007-12-09T23:58:15+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype","datePublished":"2007-12-09T23:58:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/"},"wordCount":297,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Noticias","Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/","url":"https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Ejecuci\u00c3\u00b3n remota de c\u00c3\u00b3digo a trav\u00c3\u00a9s en Skype","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2007-12-09T23:58:15+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/ejecucion-remota-de-codigo-a-traves-en-skype\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=290"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/290\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}