Buffer overflow in Skype - CVE-2017-9948
Published: June 26, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38811
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-9948
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Skype
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code.
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
How to mitigate CVE-2017-9948
Install the update from the vendor's website.