Microsoft Skype is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.
Microsoft Skype 7.2, 7.35, 7.3.5.103, 7.36.0.101, 7.36.0.150, and 7.36 are vulnerable; other versions may also be affected.
Information
Microsoft Skype 7.36.0.101
Microsoft Skype 7.36
Microsoft Skype 7.35
Microsoft Skype 7.3.5.103
Microsoft Skype 7.2
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Microsoft Homepage (Microsoft)
- Microsoft Skype v7.3.6 - Stack Buffer Overflow Vulnerability (Vulnerability Laboratory)
- Stack Buffer Overflow Zero Day Vulnerability uncovered in Microsoft Skype v7.2 (Vulnerability Laboratory)