CVE-2017-9948: Microsoft Skype ‘MSFTEDIT.DLL’ Buffer Overflow Vulnerability

Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Microsoft Skype 7.2, 7.35, 7.3.5.103, 7.36.0.101, 7.36.0.150, and 7.36 are vulnerable; other versions may also be affected.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://www.vulnerability-lab.com/get_content.php?id=2071
• https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735
• http://www.cvedetails.com/cve/CVE-2017-9948/
• http://www.securityfocus.com/bid/99281/info
• https://www.skype.com/en/download-skype/skype-for-windows/downloading/

Recommended Posts

Critical Vulnerability in Sophos Firewall

26 Sep 2022 - Security Advisories & Alerts

Researchers Uncover a New Metador APT Targeting Telcos, ISPs, and Universities.

26 Sep 2022 - Security Advisories & Alerts, Uncategorized

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

13 Sep 2022 - Security Advisories & Alerts