CVE-2017-9948 – Severe Skype Flaw, Patch Now to Latest Version

CVE-2017-9948 is a stack buffer overflow vulnerability recently discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37. The Skype flaw involves MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box, as explained by researchers. The highly severe vulnerability was disclosed on 16th of May, 2017, as apparent by the following documentation.

Related Story: Skype Accounts Hacked Easily Regardless of Microsoft’s Two-Factor Protection

CVE-2017-9948 Technical Details

This Skype vulnerability is remotely exploitable via a session or by local interaction. The issue resides in the print clipboard format & cache transmit via remote session. Affected systems are Windows XP, Windows 7, Windows 8 and Windows 10. Keep in mind that the vulnerability was addressed and patched in Skype v7.37.

In short, the flaw allows to crash the Skype app with an unexpected exception error which overwrites the active process registers to execute malicious code.

The security vulnerability is located in the `clipboard format` function of the skype software. Attackers are able to use a remote computer system with a shared clipboard, to provoke a stack buffer overflow on transmittion to skype. The issue affects the `MSFTEDIT.DLL` dynamic link library of the windows8 (x86) operating system. The limitation of the transmitted size and count for images via print of the remote session clipboard has no secure limitations or restrictions.

Related Story: Remove Goo(.)gl Skype Spamming Virus Completely

CVE-2017-9948 allows local or remote attackers to execute own codes on the affected and connected systems via Skype.

CVE-2017-9948 Fixed in v7.2, v7.3.5 & v7.3.6 Skype Versions

In a software update of the v7.2, v7.3.5 & v7.3.6 version of Skype, a limitation has been implemented for the clipboard function”, researchers explain. Users of older versions of Skype are advised to update to the latest version as soon as possible to avoid becoming victims of malicious attacks.

Also, it’s important to note that the security risk associated with this flaw is high, as the exploitation of the buffer overflow software vulnerability requires no user interaction and only a low privilege Skype user account.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.