Skype UTF-8 Symbol Messages Denial of Service Vulnerability
BID:52810
Info
Skype UTF-8 Symbol Messages Denial of Service Vulnerability
| Bugtraq ID: | 52810 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2012 12:00AM |
| Updated: | Mar 29 2012 12:00AM |
| Credit: | Ucha Gobejishvili (longrifle0x), Alexander Fuchs (f0x23) and Benjamin Kunz Mejri (Rem0ve) of Vulnerability Research Laboratory. |
| Vulnerable: |
Skype Technologies Skype 5.8.0.156 |
| Not Vulnerable: |
Skype Technologies Skype 5.8.0.158 |
Discussion
Skype UTF-8 Symbol Messages Denial of Service Vulnerability
Skype is prone to a denial-of-service vulnerability because of a memory-corruption vulnerability.
An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed.
This issue is fixed in Skype 5.8.0.158.
Skype is prone to a denial-of-service vulnerability because of a memory-corruption vulnerability.
An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed.
This issue is fixed in Skype 5.8.0.158.
Exploit / POC
Skype UTF-8 Symbol Messages Denial of Service Vulnerability
The reporter of this issue has developed a working example and a video to demonstrate it. Please see the references for more information.
The reporter of this issue has developed a working example and a video to demonstrate it. Please see the references for more information.
References
Skype UTF-8 Symbol Messages Denial of Service Vulnerability
References:
References:
- Skype 5.8x 5.5x - Corruption & Persistent Vulnerability (Vulnerability Research Laboratory)
- Skype Homepage (Skype Technologies)