Forum Thread: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability

Secunia Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Secunia Official 15th Mar, 2010 13:53
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been discovered in Skype, which can be exploited by malicious people to delete certain data on a user's system.

The vulnerability is caused due to an error within the Skype Extras Manager (skypePM.exe) in the handling of "skype-plugin:" URIs. This can be exploited to delete an arbitrary ".xml" file e.g. if a user visits a specially crafted web page.

The vulnerability is confirmed in skypePM.exe version 2.0.0.67 included in Skype for Windows version 4.2.0.155. Other versions may also be affected.

blog.psi2.de RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 15th Mar, 2010 13:53
Score: 5
Posts: 4
User Since: 6th Mar 2010
System Score: N/A
Location: DE
Last edited on 15th Mar, 2010 13:53
No news at the Skype Security Blog since November 27, 2009:
http://share.skype.com/sites/security/

The Disclosure Timeline mentioned at the ZDI-Advisory starts at July 2009:
"2009-07-14
- Initial report to vendor, no response.
2010-01-07
- Follow-up report, again no response.
2010-01-11
- Received support e-mail with update notice from Skype.
2010-01-11
- We responded the same day stating that the new version does not address our reported bugs.
2010-01-12
- Skype requests more details, specifically a screen shot.
2010-01-12
- We responded the same day. No follow-up response from Skype.
2010-01-19
- We followed up with Skype again who has not been heard from since.
2010-03-11
- Uncoordinated release of public advisory due to failure to communicate, issue remains unresolved. "

Responsible Disclosure won't work without the vendor.

--
Visit my Security-Blog:
http://blog.psi2.de/en (English) or
http://blog.psi2.de (German)
Was this reply relevant?
+5
-0
This user no longer exists RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 23rd Mar, 2010 21:16
Last edited on 23rd Mar, 2010 21:16 Call me stupid, but how does one Disable the "skype-plugin:" protocol handler?
Was this reply relevant?
+2
-0
tech2gecko RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 24th Mar, 2010 18:51
Score: 7
Posts: 13
User Since: 1st Feb 2008
System Score: N/A
Location: CA
That might make two of us "stupid". Under Skype tools tab, and advanced button I found a check box that I thought would solve the problem. PSI still reports a vulnerability however.

--
If it ain't broke, tweak it some more
Was this reply relevant?
+1
-0
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 24th Mar, 2010 23:50
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 24th Mar, 2010 23:50
Steps to remove the Skype browser plugins:

Uninstall Skype (Control Panel -> Uninstall Programs -> Right Click Skype -> Uninstall on Vista/Win7)

Re-download and run the latest installer for Skype

Click Options on the first screen of the Skype Installer

Make sure the plugins are all unchecked (note: not the skype extras manager, this is just for games and other plugins in skype itself)

Click Install

After doing this, you'll notice that Firefox/IE/etc no longer have a plugin installed for Skype. However, I *believe* Secunia PSI still thinks it is there because it is assuming that if you have Skype installed, you also have the plugins installed.

I'm not certain if Skype even makes a plugin for Google Chrome (I don't think they do yet, they don't provide a checkbox in Options for it on their installer) so that is most likely just a false positive in Secunia PSI.

Hope this helps.
Was this reply relevant?
+7
-0

rbyrne

RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 26th Mar, 2010 00:31
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 26th Mar, 2010 00:31
rbyrne, Well to be fair to Secunia, tracking patches is pretty treacherous and difficult to do. And, something like these plugins requires an extra depth of introspection. By that I mean, that it requires twice as much work to check the dependencies or plugins of a program to determine if they're out of date or insecure. Something like this also exponentially multiplies how many checks they have to make to determine if things okay across many different brands of browser products, making the task even more complex. I don't envy them for the sheer amount of work they have to do.

Having said that though, it does seem to take them a few days to catch onto user comments. But, at least they do seem to investigate, verify and take corrective actions when users do start to point out things.

My comment was entirely based on my own assumptions about what is going on, so they would really need to verify that in their lab to be certain. It could be that files are still there even tho the plugins aren't registered that are leftovers of previous installs. I don't know. I am just basing my explanations above on what I think I observed.

It may turn out I was right and they can correct it. Or, maybe something else is causing them to show up. Or, the plugin never really vanished, etc. For now, I feel safe that the plugins aren't on my system anymore and I am just going to assume that Secunia's interface just needs a patch to be able to notice that those files are no longer there.

It is either that or I would need to completely uninstall Skype itself and not install it again to satisfy Secunia. I hope my assumptions are correct so I don't need to be that extreme.

It would be interesting to find out from them if this is or isn't the case. I'd love to get a job there working on this stuff, I really like security. :-D This is the second problem I've caught now, it'd be neat to be on the team and be able to go hey float this one to the top for review I think it might be off.
Was this reply relevant?
+3
-0
vmikhelson RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 27th Mar, 2010 00:56
Score: 1
Posts: 1
User Since: 27th Mar 2010
System Score: N/A
Location: US
Last edited on 27th Mar, 2010 00:56
Would it be easier to rename the "C:\Program Files\Skype\Plugin Manager\skypePM.exe" for now?

I do not see any adverse effects so far.

-Vladimir
Was this reply relevant?
+3
-2
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 31st Mar, 2010 03:35
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 31st Mar, 2010 04:15
Changing skypePm.exe to another name doesn't make it vanish from the insecure listings in Secunia PSI for the web browsers and wouldn't make your system safe anyways since the vulnerable program would still be there.

I did just finally realize that the skypePM.exe (the extras manager that I suggested not removing before) was part of the original report and is the URI handler that is has the vulnerability. So, I've revised my uninstalled/reinstall instructions below to note taking that extras manager out, which causes skypePM.exe not to be installed at all.

However, Secunia PSI still thinks the plugin manager is there, because they are equating Skype with the vulnerability instead of the skypePM.exe that was in the original vulnerability report.

Essentially, follow my new uninstall steps here to secure your system, and ignore Secunia's warnings until they release an update.

-- Steps --

Steps to remove the Skype browser plugins:

Uninstall Skype (Control Panel -> Uninstall Programs -> Right Click Skype -> Uninstall on Vista/Win7)

Re-download and run the latest installer for Skype

Click Options on the first screen of the Skype Installer

Make sure the plugins are all unchecked, and also uncheck the skype extras manager (otherwise it installs skypePM.exe).

Click Install

NOTE: It won't make the insecure warning vanish from Secunia, but your system will be safe from exploit via this attack vector.
Was this reply relevant?
+2
-0
aaaaaaaaaaaaaaaaa RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 31st Mar, 2010 22:42
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: N/A
Location: N/A

Fortunately I am not affected, because I never let the Skype to install the browser plug-in. I can interact with Skype using its gui directly very well.
However, I don't understand the workarounds being currently under discussion here in forum.
What is the actual goal? To disable the browser plug-in or to disable the plugin manager?
Was this reply relevant?
+0
-0
tech2gecko RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 31st Mar, 2010 22:52
Score: 7
Posts: 13
User Since: 1st Feb 2008
System Score: N/A
Location: CA
Problem solved! I uninstalled Skype and will do without until they step up and patch the software. Most of my Skype contacts have also decided to do the same.

--
If it ain't broke, tweak it some more
Was this reply relevant?
+2
-0
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 1st Apr, 2010 01:29
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Uninstalling it completely is an overreaction, the only problem here is skypePM.exe. When you install Skype, at the first screen of the installer just click Options and uncheck "Install Skype Extras Manager" and then install. Secunia won't tell you that you're safe now, but you are.
Was this reply relevant?
+1
-0
RxDdude RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 4th Apr, 2010 12:47
Score: 4
Posts: 33
User Since: 20th Aug 2009
System Score: N/A
Location: US
Last edited on 4th Apr, 2010 12:55
How about this? Avoid the trouble of the Uninstall, just simply delete the offending file, namely, "C:\Program Files\Skype\Plugin Manager\skypePM.exe" from the machine? Just put it where neither PSI nor Skype can find it, so it cannot be exploited. Keep your backup copy on a CD or on a portable drive in case you need to copy it back into Skype ... Shouldn't be susceptible to exploitation if you Cut and Paste it over into Shared Docs, should it?

Another idea - Maybe, in Admin account, go into the Security tab on Properties and take away the Permissions for all your User Accounts that could call it. That is, check the "Deny" boxes. Would that disable the offending file and prevent access for its exploitation? Would Secunia PSI be able to read it?

--
Was this reply relevant?
+2
-0
tech2gecko RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 4th Apr, 2010 14:14
Score: 7
Posts: 13
User Since: 1st Feb 2008
System Score: N/A
Location: CA
I can assure you the easiest solution was the uninstall option which was completed in four easy mouse clicks :) Yes, many of the suggested work arounds will hide and apparently disable the plugin, but the point of using PSI is the assurance that your browser or program selection is patched and secure. I simply would rather not second guess or do the additional more detailed analysis of the PSI results on a regular basis. On this issue Secunia has proven responsive, Skype has not.


--
If it ain't broke, tweak it some more
Was this reply relevant?
+2
-0
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 4th Apr, 2010 18:33
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Sometimes it takes programmers a long time to track down a problem and fix it in a way that won't break other features. If they fixed the problem and push out an update, it could cause other catastrophes that would make you even angrier. I don't fault Skype nor Secunia for not fixing their software in just a few days, sometimes things like this require more time to sort out. They both seem like they're being unresponsive and slow in responding to this problem for different reasons. However, it doesn't mean you should uninstall either one, that is an overreaction, they're both good pieces of software.

In regards to the other post about just deleting the file, or denying permissions. Deleting the file could potentially cause problems during runtime of Skype when it expects it there because there are probably registry values that indicate it is there. Denying permission means the program is still there, and when Secunia does fix their detection routine it wouldn't notice this and would still claim its there. The proper way is to do a full uninstall, full reinstall, and uncheck the extras manager during install by clicking Options on the first screen of the installer. It isn't that many steps to do, and doesn't take very long. If you can't find the effort or time to do it, maybe you can then at least empathize with the amount of work Secunia & Skype have to deal with then. They have to do far more than just change a line of code to get an update to you.

Follow my instructions to make yourself safe, continue using skype & secunia, and be patient until they both resolve their issues. And, don't overreact. I hope this helps.
Was this reply relevant?
+2
-0
tech2gecko RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 4th Apr, 2010 20:33
Score: 7
Posts: 13
User Since: 1st Feb 2008
System Score: N/A
Location: CA
Thanks for the concern, but I am neither angry or impatient. I am prepared to dig into a fixable problem, and take I that challenge on a regular basis. I understand your proposed solution, but the if the file still exists and is a published vulnerability, it can and will be called by a number of covert means. I understand Secunia can't immediately correct every advisory as understanding of an issue develops. I do however expect at least an acknowledgment of the problem and hopefully a workaround from the vendor (Skype) after this much time has passed. It's a matter of trust and confidence. Please read the timeline posted early in this thread. To ignore the problem does not seem responsible in my view.


--
If it ain't broke, tweak it some more
Was this reply relevant?
+2
-0

tech2gecko

RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 4th Apr, 2010 21:42
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 4th Apr, 2010 21:45
Uninstalling the manager makes the file skypepm.exe vanish from the hard drive, it is not hidden and not still exploitable. The issue here is that Secunia is improperly reporting the entire Skype application as a exploit instead of the skypepm.exe mentioned in the report.

My point was that you would not just ignore the problem by following my advice, but instead fix the problem itself. What you would to ignore after my instructions is the false positive in Secunia after the file is already gone from the hard drive.

I understand that doing this requires a lot of effort and understanding on part of the user so you don't want to have to be keeping track of this sort of thing on a constant basis. However, if its a choice between using an application you really like or need, ala Skype, then the solution provided at least provides safety and protection to the end user while still being able to continue to use the product.

To say you can't use a product, like Skype, if the software developer doesn't fix the problem fast enough then you would likewise feel the same about using Secunia since they haven't solved their false positive yet. What I was trying to point out is that both are good products and bugs like these are not easy to track down and fix without potentially affecting other parts of the program that might cause consternation. Not to mention there is a lot more involved in releasing a product update beyond just changing a line of code.

I'm not saying just be patient, take proactive steps to safeguard your machine with my instructions provided above. Once you have done so, be patient and wait for corrections from both Secunia and Skype.

I'll re-paste the instructions here in case someone starts reading near the end and missed it:

-- Steps --

Steps to remove the Skype browser plugins:

Uninstall Skype (Control Panel -> Uninstall Programs -> Right Click Skype -> Uninstall on Vista/Win7)

Re-download and run the latest installer for Skype

Click Options on the first screen of the Skype Installer

Make sure the plugins are all unchecked, and also uncheck the skype extras manager (otherwise it installs skypePM.exe).

Click Install

NOTE: It won't make the insecure warning vanish from Secunia, but your system will be safe from exploit via this attack vector.
Was this reply relevant?
+3
-0
ch3kan RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 1st May, 2010 13:30
Score: 3
Posts: 2
User Since: 19th Mar 2010
System Score: N/A
Location: ID
Another approach to remove Skype's URL handler:

1) Run "regedit" via Start -> Run.
2) Open the "HKEY_CLASSES_ROOT" key.
3) Locate the "skype" subkey.
4) Rename to some arbitrary string, for example: "skype_".

For a more detailed description of the URL handler registration see the following article:
http://msdn.microsoft.com/en-us/library/aa767914(VS.85).aspx


on 24th Mar, 2010 23:50, palisade wrote:
Steps to remove the Skype browser plugins:

Uninstall Skype (Control Panel -> Uninstall Programs -> Right Click Skype -> Uninstall on Vista/Win7)

Re-download and run the latest installer for Skype

Click Options on the first screen of the Skype Installer

Make sure the plugins are all unchecked (note: not the skype extras manager, this is just for games and other plugins in skype itself)

Click Install

After doing this, you'll notice that Firefox/IE/etc no longer have a plugin installed for Skype. However, I *believe* Secunia PSI still thinks it is there because it is assuming that if you have Skype installed, you also have the plugins installed.

I'm not certain if Skype even makes a plugin for Google Chrome (I don't think they do yet, they don't provide a checkbox in Options for it on their installer) so that is most likely just a false positive in Secunia PSI.

Hope this helps.



--
Akademik
Was this reply relevant?
+1
-1
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 1st May, 2010 19:26
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 1st May, 2010 19:46
I am pretty certain you are wrong about that registry setting. I just had a look and it specifically pertains to:

"C:\Program Files (x86)\Skype\Phone\Skype.exe",0

And, not SkypePM.

I think you meant to suggest that they edit

HKEY_CLASSES_ROOT\skype-plugin

That key specifically pertains to skypePM.exe, that would be the one to alter.

I still think for most users, editing the registry is dangerous, as your mistake just proved. It is much safer to uninstall and reinstall using the official Skype installer exe and let it handle removing the registry keys as I suggested in my previous post.

It is also worth noting that renaming the key wouldn't be enough. If hackers read web forums like we do, which they do, they would know to try both skype_plugin and skype_plugin_ and _skype_plugin, etc., and anyone who took your advice would still be vulnerable.

It is also worth mentioning that if the SkypePM.exe is still on the harddrive, a hacker can just perform:

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe skype-plugin:manage

I don't have an example of the save_pxml vulnerability, because rgod never released information on it, but if he had, you would replace the arguments I typed there with it.
Was this reply relevant?
+1
-0
c0m4r RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 14th May, 2010 21:37
Score: 0
Posts: 2
User Since: 16th Apr 2010
System Score: N/A
Location: N/A
Last edited on 14th May, 2010 21:37
4 days ago Skype released another version of its program - 4.2.0.166 but still PSI indicates Skype-plugin as insecure.
Was this reply relevant?
+0
-0
pfvincent RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 30th May, 2010 14:10
Score: 0
Posts: 7
User Since: 4th Oct 2008
System Score: N/A
Location: UK
Can anyone please confirm whether the vulnerability still exists in the latest version, 4.2.0.169, which is still being shown as "Insecure, no solution" by PSI?
Was this reply relevant?
+0
-0
palisade RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
Member 30th May, 2010 21:41
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 10th Jun, 2010 01:59
I've contacted their Support about this issue, we'll see how it pans out. Below is my email to them and the automated response I received in reply.

My support request:
---snip---
Dear Skype Limited,

The report on the vulnerability is here, it has not been resolved since July of 2009:
http://www.zerodayinitiative.com/advisories/ZDI-10...

The public Secunia Advisory released March 2010:
http://secunia.com/advisories/38875

People are wondering, but I don't have any way to tell them if Skype is yet safe.

Part of the reason I can't verify this, is due to rgod / zdi not releasing more information on how to perform the exploit. I am supposing they are trying to protect Skype and their customers by not releasing this information but it makes it impossible to verify if the problem has gone away yet.

I am hoping you have more information on whether the latest version of Skype is affected by this issue anymore.
---snip---


Their automated response:
---snip---
This is an automatically generated email. Please do not reply.

Thanks for contacting Skype.

Just to let you know, we've received the support request you submitted on our website. We'll get back to you with more information in the next 18 hours.

Hold tight!

The people at Skype
---snip---

Here is their final response on the matter:

---snip---
Thank you for contacting Skype Customer Service.

We understand that you wish to know if we have addressed the security problem that you describe.

We can confirm that this particular problem was resolve with Skype 4.2 version which was released to public on 10.03.2010. Users should not be experiencing any such problems in the future.

We hope you found this answer helpful. Should you need any further assistance or have additional questions please do not hesitate to contact us again.

Best regards,
Dmitri
Skype Customer Service
---snip---

My reply:
---snip---
Thank you.
---snip---

Their reply:
---snip---
Thank you for your reply.
You are welcome. Glad we were able to answer your question.

Best regards,
Dmitri
Skype Customer Service
---snip---

My Conclusion So Far:

I can't verify myself that it is closed because there was never any detail released on how to test for the existence of the vulnerability.

Skype Limited claims it is a closed issue, closed back in March by a patch when this Secunia public vulnerability disclosure was also released.

ZeroDayInitiative so far claims it isn't closed and that Skype won't discuss it further with them and so they were required to go public.

Secunia so far claims it isn't closed, and is probably relying on data from ZDI. I also don't think Secunia is closely following this situation, since it is June and they still haven't resolved some false positives I mentioned in earlier posts. I'm not sure if ZDI is paying attention anymore either, and washed their hands when they posted this to the public.

It may very well be that the vulnerability still exists and that Skype thinks that something they patched in the URI handling corrected this as well. I recall that they patched an unrelated URI handling issue, they may be confusing the two on their end; e.g. they corrected one but not both of the problems and consider all things solved without a need to investigate further.

On the other hand, they may have solved it, ZDI could be wrong.

Without any way to verify the exploit still works, I can't prove or disprove either claim.

I may be agnostic.

I've decided to contact ZDI to get their side of the story, just to be thorough:

---snip---
TO: dvlabs@tippingpoint.com

To whom it may concern,

I have recently contacted Skype Limited and they maintain that this advisory:

http://www.zerodayinitiative.com/advisories/ZDI-10...

...was closed back in March.

Could you disclose a method of testing if the vulnerability is still relevant so that researches can verify whether or not Skype's claims that the software has been patched still remain true?
---snip---

Follow-up

My plan now, since it is obvious Secunia isn't paying any attention to this thread, is to contact Secunia directly via email and paste this thread to them so they're aware of what is going on here. And, then see if they plan to do anything about it.

I'll follow up here later with a status of a response or non-response from Secunia regarding this.

---snip---

I sent them the following email via their Support page. I picked "Report Vulnerability" because I wasn't sure if they would read anything else as quickly. My email follows:

---snip---

Regarding the Skype vulnerability located at:
http://secunia.com/advisories/38875/

It has been almost two weeks since I requested more information from the ZeroDayInitiative's research group. It doesn't look like they're going to honor me with any kind of reply. I'm guessing this is the kind of static that Skype Limited was getting from them when they asked for more information on the exploit. This exploit may or may not exist, it has not been proven or demonstrated as it stands now.

I think at this point, it is up to Secunia to prove or disprove it themselves, with their own researchers. If they can't, then this is a false report. If they can, then they can update the report to indicate that the vulnerability has been re-verified and give steps to reproduce which can also be given to Skype Limited to help them to solve the problem.

Skype Limited fixes things very quickly, I think they just haven't been given enough information on this particular problem to be able to resolve it. If it even exists.

Below is a series of back and forth emails regarding the vulnerability. Skype claims it is closed, ZDI won't respond, and we're left without a clue of whether or not this issue is truly closed.

[inserted my research so far]

---snip---

Secunia's reply:

---snip---

from Secunia Research <vuln@secunia.com>
sender-time Sent at 11:37 AM (GMT+02:00). Current time there: 1:57 AM. &#9990;
date Wed, Jun 9, 2010 at 11:37 AM
subject SA38875
mailed-by secunia.com

Hello,

Thank you for contacting us about this.

Before issuing SA38875, Secunia confirmed the vulnerability in version
4.2.0.155 listed as vulnerable in our advisory.

We have just tested the latest version (4.2.0.169) and can no longer
confirm the vulnerability. We have, therefore, updated SA38875 to a
patched state even though no official report is available from the
vendor about the vulnerability fix.

Kind Regards,

--
Alin Rad Pop
Senior Security Specialist

---snip---
Was this reply relevant?
+6
-0

petersavoy

RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.

petersavoy

RE: Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.