CVE-2017-9948: Microsoft Skype ‘MSFTEDIT.DLL’ Buffer Overflow Vulnerability

by CIRT Team

Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Microsoft Skype 7.2, 7.35, 7.3.5.103, 7.36.0.101, 7.36.0.150, and 7.36 are vulnerable; other versions may also be affected.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://www.vulnerability-lab.com/get_content.php?id=2071
• https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735
• http://www.cvedetails.com/cve/CVE-2017-9948/
• http://www.securityfocus.com/bid/99281/info
• https://www.skype.com/en/download-skype/skype-for-windows/downloading/

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts