Miroslav Lucinskij

**Name of the Vulnerable Software and Affected Versions** Skype versions 3.5.x and earlier, Skype versions 3.6.0 through 3.6.0.244 **Description** The issue allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a movie in the Skype video gallery. This can be achieved through a search within the "Add video to chat" dialog. **Recommendations** For Skype versions 3.5.x and earlier, and Skype versions 3.6.0 through 3.6.0.244, consider avoiding the use of the "Add video to chat" dialog until a fix is available. As a temporary workaround, restrict access to the Skype video gallery to minimize the risk of exploitation.