Product: Skype (http://skype.com/)
Affected versions: Linux RPM’s version 0.92.0.12, possibly others. (Linux versions are marked as “BETA”)
Problem Description: During installation a world-writable directory “/usr/share/skype/lang” is created.
Impact: The directory (presumably) contains various language files used by the skype application. An attacker could modify these files. It is unknown if this could be used for attacking local users running the skype application.
Solution: The problem seems to be fixed in version 0.93.0.3, which is currently available for download from the skype website.
– Vendor notified on 19-Nov-2004
– Vendor acknowledged problem within 40 minutes
– Fixed version available since 21-Dec-2004