Noptrix.net has published details of a new a Skype HTML/Javascript code injection vulnerability. Affecting Skype versions <= 5.5.0.113 on Windows (XP, Vista, 7), the advisory describes a persistent code injection vulnerability due to a lack of input validation and output sanitization of home, office and mobile profile entries.

By using this vulnerability an attacker could inject HTML/Javascript code. Noptrix.net has not verified if it’s possible to hijack cookies or to attack the underlying operating system.

Skype Injection Proof of concept: