PT-2017-2287 · Microsoft · Skype
Benjamin Kunz Mejri
·
Published
2017-06-26
·
Updated
2017-07-05
·
CVE-2017-9948
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Microsoft Skype versions 7.2 through 7.36
Description
The issue is caused by errors in the MSFTEDIT.dll library, leading to a stack buffer overflow. This can be exploited by a remote attacker to cause a denial of service by copying a specially crafted image file to the clipboard and then pasting it into a Skype dialog window. The vulnerability involves mishandling of remote RDP clipboard content within the message box.
Recommendations
For Microsoft Skype versions 7.2 through 7.36, update to version 7.37 or later to resolve the issue.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Skype