Memory Corruption Vulnerability released in Skype 5.6.59.x

Vulnerability Lab's picture
Memory Corruption Vulnerability

Some month after the last skype vulnerability publication the experts of vulnerability-lab [Alexander Fuchs & Benjamin Kunz Mejri] demonstrated a new skype vulnerability, found in the file transfer module, by sending a file from Skype v2.2.0.35 Beta for Linux to a contact that was running Skype 5.6.59.10 on a Windows 7 x64 operating system. This transfer resulted in a stable memory corruption on the Windows7 client.

The following pictures are live crashs from the skype beta linux client to a win7 x64 client when successfully exploited by an remote attacker.

Exploitation reproduce with Ucha G.

The next pictures shows the effect when the client is freezing or crashing. The software drops different access violation (read/write) messages.

The bug is located in the software when processing special crafted transfers/communication processes from a linux v2.2.0.35(Beta) client to a windows v5.6.59.10 client. The vulnerability allows the linux client user to crash the windows client on the remote way via freeze when transfering. The execution of code is not possible via violation (read/write). The bug is only verified on Acer Aspire 5738 with Intel(R) Core(TM)2 Duo & Windows 7 x64.

Vulnerable Module(s): File Transfer Linux v2.2.0.35(Beta) to Windows v5.6.59.10 Client

Verified on OS:  Windows 7 - x64

Typus: Acer Aspire 5738

Processor: Intel(R) Core(TM)2 Duo - T6600 - 2x2.2 GHz

Affected OS version(s): Windows v5.6.59.10

Exploited via: Skype Linux v2.2.0.35(Beta)

The both researchers also provided a little attack scheme which shows the exploitation method behind the disclosed vulnerability.

The vulnerability has been reported in october last year (2011) to the skype security team. The latest Skype version is 5.8.32.154, which probably incorporates the fix for the memory corruption vulnerability.

Original Advisory: http://www.vulnerability-lab.com/get_content.php?id=315