Critical Skype Bug Lets Hackers Remotely Execute Malicious Code

A critical vulnerability that could allow hackers to remotely execute malicious code and crash systems has been discovered in Skype, the most popular free web messaging and voice calling service, which is owned by Microsoft.

Skype is a free online service that allows users to communicate with peers by voice, video, and instant messaging over the Internet. Microsoft Corporation acquired the service in May 2011 for US$8.5 billion due to its worldwide popularity.

"The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched," the security firm wrote.

No User Interaction Needed 

What's worse? The stack buffer overflow vulnerability doesn't require any user interaction and requires only a low-privilege Skype user account.

So, an attacker can remotely crash the application "with an unexpected exception error, to overwrite the active process registers," or even execute malicious code on a target system running the vulnerable Skype version.

The issue resides in the way Skype uses the 'MSFTEDIT.DLL' file in case of a copy request on local systems.

Here is the video to fix this flaw.

https://youtu.be/VUx2TSJ36-g
