Published: 26/06/2017 Updated: 05/07/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 prior to 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft skype 7.36
microsoft skype 7.35
microsoft skype 7.2

Make sure your Skype is up to date because FYI there's a nasty hole in it

The Register • John Leyden • 27 Jun 2017

Nothing to see here, says Microsoft, just more crappy code

Infosec researchers have discovered a nasty and exploitable security vulnerability in older versions of Skype on Windows. The stack buffer overflow flaw allows miscreants to inject malicious code into Windows boxes running older versions of Skype, bug hunters at Vulnerability Laboratory warn: The CVE-2017-9948 bug involves mishandling of remote RDP clipboard content within the message box. Microsoft said the bug isn't a problem for those running the latest version of its software. "Users on the ...

CVE-2017-9948

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect