CVE-2004-1114

Name of the Vulnerable Software and Affected Versions: Skype versions 1.0.x.94 through 1.0.x.98

Description: The issue is related to a buffer overflow in the handling of command line arguments, specifically when processing a callto:// URL with a long non-existent username. This allows remote attackers to execute arbitrary code, resulting in a loss of integrity. The application fails to perform proper bounds checking, leading to the buffer overflow. A specially crafted callto:// URI request with a non-existent username of 4,096 bytes or more can cause arbitrary code execution.

Recommendations: For Skype versions 1.0.x.94 through 1.0.x.98, consider disabling the handling of callto:// URLs or restricting access to this feature until a patch is available. As a temporary workaround, avoid using long usernames in callto:// URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.