exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Skype Mobile 8.12 / 8.13 Denial Of Service

Microsoft Skype Mobile 8.12 / 8.13 Denial Of Service
Posted Mar 28, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Skype Mobile versions 8.12 and 8.13 suffer from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 627876f417919cd828a3a6e72a859f920ead6c00795181bacedee7e3d7cd18cb

Microsoft Skype Mobile 8.12 / 8.13 Denial Of Service

Change Mirror Download
Document Title:
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability

References (Source):

Video: https://www.vulnerability-lab.com/get_content.php?id=2117

MSRC ID: 43520a

Acknowledgements: https://technet.microsoft.com/en-us/cc308589

Release Date:

Vulnerability Laboratory ID (VL-ID):

Common Vulnerability Scoring System:

Vulnerability Class:
Denial of Service

Current Estimated Price:
1.000a! - 2.000a!

Product & Service Introduction:
Skype is a telecommunications application software product that specializes in providing video chat and voice calls
between computers, tablets, mobile devices, the Xbox One console, and smartwatches via the Internet and to regular
telephones. Skype additionally provides instant messaging services. Users may transmit both text and video messages,
and may exchange digital documents such as images, text, and video. Skype allows video conference calls.

(Copy of the Homepage: https://en.wikipedia.org/wiki/Skype )

Abstract Advisory Information:
The vulnerability laboratory core research team discovered a denial of service vulnerability in the official microsoft skype
v8.12 and v8.13 mobile software clients for apple ios or google android.

Vulnerability Disclosure Timeline:
2018-02-01: Researcher Notification & Coordination (Security Researcher)
2018-02-03: Vendor Notification (Microsoft Security Response Center)
2018-02-08: Vendor Response/Feedback (Microsoft Security Response Center)
2018-03-20: Vendor Fix/Patch (Microsoft Service Developer Team)
2018-03-25: Vendor Fix/Patch (Security Acknowledgements)
2018-03-27: Public Disclosure (Vulnerability Laboratory)

Discovery Status:

Affected Product(s):

Exploitation Technique:

Severity Level:

Authentication Type:
Restricted authentication (user/moderator) - User privileges

User Interaction:
No User Interaction

Disclosure Type:
Coordinated Disclosure

Technical Details & Description:
A remote denial of service vulnerability has been discovered in the official microsoft skype
v8.12 and v8.13 mobile software clients for apple ios or google android.
The denial of service web vulnerability allows attackers to crash the skype application by malformed message content transmit.

The vulnerability is located in the function to convert the size of transferred images when displaying. When transferring an image
from the skype windows software client (computer system) to the mobile skype clients (iOS & android), a memory error occurs when
adapting the smilie graphics. Attackers can copy the incorrectly formatted smilie by quota from the message, that is sent in broken
format with a permanent resize request. The Attackers can now transfer the copied smilie into conversations to crash it with a memory
error. When transferring the smilies by quote or by copying, the harmful content can be transferred to other input fields, which
then also cause a local memory error on display. The demo video demonstrates how an attacker can use the content locally to crash
himself or other Skype clients like Samsung's. The memory error can be used locally and remotely, but it is not possible to overwrite
active registers from the process to compromise them permanently. The exploit of the vulnerability leads to crashes, massive sync
problems and untreated memory errors in the mobile Skype iOS & Android software client. Skype for windows, linux & macos operating
systems are not affected by the issue but must be used to bring the malicious content to the mobile skype client message board.

Proof of Concept (PoC):
The vulnerability can be reproduced by local or remote attackers without user interaction and with low privileged skype user account.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Setup a windows 10 default system and install skype v7.40.0.151
2. Setup a mobile iOS device and install the latest skype v8.12.0.14 & v8.13
3. Now open the windows 10 skype client and add the contact of the mobile device
4. Open the mobile device and confirm the user add request
5. Move back into the windows 10 client and send the mobile skype client 2 kiss smilies for example
6. Close the skype client and reopens the client
7. Now the smilies graphics are glitching inside by a resize of the image (view demo vide)
8. Now the message with the smilies must be quoted or copied and then transfered to any other skype input field were smilies are supported
9. Pasting around 50 of them results in an unexpected memory errors and uncaught exceptions or access violations
Note: Tested for Android Samsung and Apple iOS. The resize of the larger image results in a memory corruption
10. Successful reproduce of the vulnerability!

PoC Video: Shows the local issue and the remote triggered bug ...

Solution - Fix & Patch:
Secure memory allocation when resizing emoticons images during rendering in transfers through the skype mobile software client.
Microsoft resolved the vulnerability and prepared an updated version v8.17 & v8.18. In both versions the security issue is known as patched.

Security Risk:
The security risk of the vulnerability in the skype mobile software client for ios and android is estimated as medium (cvss 4.7).

Credits & Authors:
Benjamin Kunz Mejri [research@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.

Disclaimer & Information:
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed
or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable
in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab
or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for
consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies,
deface websites, hack into databases or trade with stolen data.

Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php

Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory.
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark
of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission.

Copyright A(c) 2018 | Vulnerability Laboratory - [Evolution Security GmbH]aC/

SERVICE: www.vulnerability-lab.com
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By