Skype Bug Allows Hackers to Remotely Execute Malicious Code


There have been a lot of stories circulating over the past several days about malware, ransomware and security threats present throughout cyberspace: the Wikileaks Vault 7 release of “Elsa”, the spreading ransomware “Petya”, and the Shadow Brokers monthly dump right here on Steemit. Now you can add a security bug in Skype to the list.

German researchers have discovered a crucial vulnerability in Skype that can potentially allow hackers to execute malicious code.

A critical vulnerability has been discovered in Skype, the popular Microsoft-owned free web messaging and voice calling service, that could allow hackers to remotely execute malicious code and crash systems.

Security researcher Benjamin Kunz-Mejri from Germany-based security firm Vulnerability Lab discovered the previously unknown stack buffer overflow vulnerability, which is documented in CVE-2017-9948, in Skype Web’s messaging and call service during a team conference call.

The vulnerability is considered a high-security risk with a 7.2 CVSS score and affects Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public security disclosure published on Monday.

“The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched,” the security firm wrote.


How It Works

According to the vulnerability report, attackers can craft a malicious image file and then copy and paste it from a computer's clipboard into a conversation window in the Skype application.

Once this image is hosted on a clipboard on both the remote and the local systems, Skype experiences a stack buffer overflow, causing errors and crashing the application, which leaves the door open for more exploits.


Protection

The exploit was brought to the attention of Microsoft, Skype’s parent company, in early May 2017 and a patch was released by the software giant on June 8th.

If you’re running Skype:

  • Make sure you are running the latest edition, which includes the security patch that protects you from this vulnerability.
  • Skype version 7.37.178 (or higher)
  • Call your mother and tell her you love her (optional)
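
For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not part of the original report: the host names and inventory lines are constructed, and the comparison treats each dotted component as a number so that 7.4 correctly sorts below 7.37.

```python
# Added example: flag Skype installs older than the patched release named above.
# Inventory lines below are constructed sample data, not real hosts.
import re

PATCHED = (7, 37, 178)  # patched version given in the article

SAMPLE_INVENTORY = """\
ws-001,Skype,7.36.0.150
ws-002,Skype,7.37.178
ws-003,Skype,7.4.0.102
ws-004,Skype,7.40.0.104
ws-005,Skype,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not a dotted version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_patched(version, minimum=PATCHED):
    """Compare numerically, padding the shorter tuple with zeros."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def audit(inventory):
    """Return {host: status} with status 'patched', 'outdated' or 'unparsed'."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _product, raw = (field.strip() for field in line.split(",", 2))
        version = parse_version(raw)
        if version is None:
            results[host] = "unparsed"  # needs manual review, do not assume safe
        else:
            results[host] = "patched" if is_patched(version) else "outdated"
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A plain string comparison would rank 7.4 above 7.37.178 and report that host as up to date, which is why the versions are parsed into integers first.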

 
