CVE-2017-9948

Name of the Vulnerable Software and Affected Versions Microsoft Skype versions 7.2 through 7.36

Description The issue is caused by errors in the MSFTEDIT.dll library, leading to a stack buffer overflow. This can be exploited by a remote attacker to cause a denial of service by copying a specially crafted image file to the clipboard and then pasting it into a Skype dialog window. The vulnerability involves mishandling of remote RDP clipboard content within the message box.

Recommendations For Microsoft Skype versions 7.2 through 7.36, update to version 7.37 or later to resolve the issue.