Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Critical error on Skype allows hackers to execute malicious code remotely
Skype is a popular messaging application that allows users to chat online, make video calls via the Internet, and support multiple platforms. Microsoft acquired Skype from May 2011 for $ 8.5 billion due to its global popularity.
Network security researcher Benjamin Kunz-Mejri from the German organization Vulnerability Lab discovered a buffer overflow that was previously unknown, called CVE-2017-9948, on the Skype version of the application. web during group call. This vulnerability is said to have a high level of risk with a score of 7.2 CVSS and affect Skype version 7.2, 7.35 and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public release document. on Monday.
'This problem can be exploited remotely via local session or interaction. The problem identified on the clipboard or cache is transferred via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. This vulnerability on Skype version 7.37 has been patched. '
Users do not need to interact
What's the worst thing? Buffer overflow errors do not require user interaction and only a low level of Skype user accounts. Therefore, an attacker can crash a remote application 'with an unexpected error to override the process registration' or even execute the malicious code on a system running vulnerable versions of Skype.
This error is in the way Skype uses the MSFTEDIT.DLL file in case it needs to copy the request on the system.
Hackers can execute malicious code remotely on victim machines via Skype
How do attackers exploit vulnerabilities?
According to the report, an attacker will create a tainted image file, copy and paste from the computer clipboard to the Skype user's chat window. When the file is located on the clipboard of both local and remote systems, Skype will be overflowed by buffer, causing errors and application crashes, open to hackers to exploit.
'' The limit of file size through the session with the remote clipboard has no safety limit. An attacker could crash the software with a request to override the EIP subscription of the active software process, 'said Vulnerability Lab. 'Therefore, it allows local and remote attackers to execute their code on connected and infected computers via Skype'.
PoC code
The company also provides a PoC exploit code that you can use for testing. The Vulnerability Lab reported bugs to Microsoft on May 16, and Microsoft fixed the bug, released a patch on June 8 for Skype version 7.37.178. If you're using Skype, make sure you install the latest version to protect yourself.
Marvin FryYou should read it
- WannaCry is a year old, EternalBlue is bigger than you think
- The Mail app on iOS has serious vulnerabilities
- Hacker exploited three vulnerabilities in Microsoft Office to spread Zyklon malware
- How to check if the computer has serious Windows 10 vulnerabilities
- Hackers are using new Microsoft Office vulnerabilities to distribute malware
- Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- Intel's chip has eight new serious vulnerabilities
May be interested
- Windows users need to update this software immediately
this application's security hole could allow a hacker to execute malicious code on a user's windows computer remotely, potentially taking control. - Warning: New malicious code is infecting about 500,000 router devicescisco researchers have released a warning warning about a malicious malicious code called vpnfilter, which is spread by a group of hackers spreading more than 500,000 home or small companies' devices across the globe. world.
- Xiaomi truth has installed malicious code in Xiaomi Mi4?security firm bluebox has discovered a few malicious applications that have been pre-installed on xiaomi mi 4, they are a google application aimed at advertising and trojans, helping hackers to control the phone remotely. ..
- Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullestthis vulnerability allows hackers to bypass the content security policy (csp) rules that were released in chrome 73. luckily, google has a patch for this vulnerability now.
- Commands used when chatting Skypein the process of working and chatting on skype, if you know and execute the commands, all operations will be quick and simple many times.
- New weapons against malicious code are 'cloud' computing.the 'cloud computing' model of remote server-based data processing and results returned to the pc will incorporate 10 antivirus engines and two hackers to detect hackers to prevent the malicious code.
- Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computerhackers can take advantage of these two vulnerabilities to view the history of downloading or executing malware on a user's computer.
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messengerfrom yesterday (december 18, 2017), a new type of malicious code has appeared and raged in vietnam. this malicious code is not too sophisticated but is spreading very fast through facebook messenger because it is sent from the friends in the friend list.
- Embed malicious code into PDF file without security errorattack on the system through malicious code embedded in pdf files whether users open with the latest version of adobe reader or foxit reader.
- How does malicious code break into user PC (Part 2)the previous article detailed how aggressive hackers infect malicious code and can see that these are extremely dangerous attack techniques.
Tech info
- iOS 11 stops supporting 32bit applications completely
- What is Petya? What is NotPetya? Is it really ransomware or is it even more dangerous?
- You can hack Mazda cars with USB Flash Drive
- Amazon offers a smart solution to solve the most painful problem when buying clothes online
- Super speed boat 5 times the speed of sound can travel along the UK in 8 minutes
- Google launched a search engine for artificial intelligence
iOS 11 stops supporting 32bit applications completely
What is Petya? What is NotPetya? Is it really ransomware or is it even more dangerous?
You can hack Mazda cars with USB Flash Drive
Amazon offers a smart solution to solve the most painful problem when buying clothes online
Super speed boat 5 times the speed of sound can travel along the UK in 8 minutes
Google launched a search engine for artificial intelligence