Here is a cute little URI I found crashing skype on it's latest version (0.98.0.04). It's proboby a buffer overflow of some sort, so, a special crafted URI culd potentionally lead to remote code execution. (would probobly be extreamly hard doing it threw a URI, but still an option) callto://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/ If you really really want this not to happend to you, u shuld remove the reffering registry entrance to "callto://" in URI's Regards, Hillel Himovich "HLL" HLL@xxxxxxxxxxxxxxxx
