Memory Corruption Vulnerability Found in Skype 5.6.59.x

2012-Feb-17 | Tags: memorymicrosoftp2p

Start64!Vulnerability Lab researchers identified a high risk memory corruption flaw that affects the 5.6.59.x versions of the popular messaging applications. By exploiting this flaw, an attacker could remotely crash a computer that’s running Windows 7 simply by sending a file from a Linux client.

The experts demonstrated this vulnerability, found in the file transfer module, by sending a file from Skype v2.2.0.35 Beta for Linux to a contact that was running Skype on a Windows 7 x64 operating system. This transfer resulted in a stable memory corruption on the Windows client side.

“The vulnerability can be exploited by remote attackers with low required user inter action (accept). Successful exploitation requires to accept a file transfer (user inter action) or receive messages & information,” Vulnerability Lab representatives told us.