Skype Click to Call Update Service DLL Loading Arbitrary Code Execution Vulnerability
BID:58519
Info
Skype Click to Call Update Service DLL Loading Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 58519 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 15 2013 12:00AM |
| Updated: | Mar 15 2013 12:00AM |
| Credit: | Oliver-Tobias Ripka |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Skype Click to Call Update Service DLL Loading Arbitrary Code Execution Vulnerability
Skype Click to Call Update Service is prone to an arbitrary code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges in the context of the user running the vulnerable application.
Skype Click to Call Update Service is prone to an arbitrary code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges in the context of the user running the vulnerable application.
Exploit / POC
Skype Click to Call Update Service DLL Loading Arbitrary Code Execution Vulnerability
The researcher who discovered the issue has created a proof of concept; please see the references.
The researcher who discovered the issue has created a proof of concept; please see the references.
Solution / Fix
Skype Click to Call Update Service DLL Loading Arbitrary Code Execution Vulnerability
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
References
Skype Click to Call Update Service DLL Loading Arbitrary Code Execution Vulnerability
References:
References:
- Skype Homepage (Skype Technologies)