Microsoft Skype Mobile 8.12 / 8.13 Denial Of Service

#143
Topic created · 1 Posts · 0 Views
  • Microsoft Skype Mobile versions 8.12 and 8.13 suffer from a denial of service vulnerability.
    MD5 | 804427aae070d66d792d02e1b26d28ee
    Download

    Document Title:  
    ===============  
    Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability  
    References (Source):  
    ====================  
    https://www.vulnerability-lab.com/get_content.php?id=2116  
    Video: https://www.vulnerability-lab.com/get_content.php?id=2117  
    MSRC ID: 43520a   
    CRM:0461036906  
    Acknowledgements: https://technet.microsoft.com/en-us/cc308589  
    Release Date:  
    =============  
    2018-03-27  
    Vulnerability Laboratory ID (VL-ID):  
    ====================================  
    2116  
    Common Vulnerability Scoring System:  
    ====================================  
    4.7  
    Vulnerability Class:  
    ====================  
    Denial of Service  
    Current Estimated Price:  
    ========================  
    1.000a! - 2.000a!  
    Product & Service Introduction:  
    ===============================  
    Skype is a telecommunications application software product that specializes in providing video chat and voice calls   
    between computers, tablets, mobile devices, the Xbox One console, and smartwatches via the Internet and to regular   
    telephones. Skype additionally provides instant messaging services. Users may transmit both text and video messages,   
    and may exchange digital documents such as images, text, and video. Skype allows video conference calls.  
    (Copy of the Homepage: https://en.wikipedia.org/wiki/Skype )  
    Abstract Advisory Information:  
    ==============================  
    The vulnerability laboratory core research team discovered a denial of service vulnerability in the official microsoft skype   
    v8.12 and v8.13 mobile software clients for apple ios or google android.  
    Vulnerability Disclosure Timeline:  
    ==================================  
    2018-02-01: Researcher Notification & Coordination (Security Researcher)  
    2018-02-03: Vendor Notification (Microsoft Security Response Center)  
    2018-02-08: Vendor Response/Feedback (Microsoft Security Response Center)  
    2018-03-20: Vendor Fix/Patch (Microsoft Service Developer Team)  
    2018-03-25: Vendor Fix/Patch (Security Acknowledgements)  
    2018-03-27: Public Disclosure (Vulnerability Laboratory)  
    Discovery Status:  
    =================  
    Published  
    Affected Product(s):  
    ====================  
    Exploitation Technique:  
    =======================  
    Remote  
    Severity Level:  
    ===============  
    Medium  
    Authentication Type:  
    ====================  
    Restricted authentication (user/moderator) - User privileges  
    User Interaction:  
    =================  
    No User Interaction  
    Disclosure Type:  
    ================  
    Coordinated Disclosure  
    Technical Details & Description:  
    ================================  
    A remote denial of service vulnerability has been discovered in the official microsoft skype   
    v8.12 and v8.13 mobile software clients for apple ios or google android.  
    The denial of service web vulnerability allows attackers to crash the skype application by malformed message content transmit.  
    The vulnerability is located in the function to convert the size of transferred images when displaying. When transferring an image   
    from the skype windows software client (computer system) to the mobile skype clients (iOS & android), a memory error occurs when   
    adapting the smilie graphics. Attackers can copy the incorrectly formatted smilie by quota from the message, that is sent in broken   
    format with a permanent resize request. The Attackers can now transfer the copied smilie into conversations to crash it with a memory   
    error. When transferring the smilies by quote or by copying, the harmful content can be transferred to other input fields, which   
    then also cause a local memory error on display. The demo video demonstrates how an attacker can use the content locally to crash   
    himself or other Skype clients like Samsung's. The memory error can be used locally and remotely, but it is not possible to overwrite   
    active registers from the process to compromise them permanently. The exploit of the vulnerability leads to crashes, massive sync   
    problems and untreated memory errors in the mobile Skype iOS & Android software client. Skype for windows, linux & macos operating   
    systems are not affected by the issue but must be used to bring the malicious content to the mobile skype client message board.  
    Proof of Concept (PoC):  
    =======================  
    The vulnerability can be reproduced by local or remote attackers without user interaction and with low privileged skype user account.  
    For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.  
    Manual steps to reproduce the vulnerability ...  
    1. Setup a windows 10 default system and install skype v7.40.0.151  
    2. Setup a mobile iOS device and install the latest skype v8.12.0.14 & v8.13  
    3. Now open the windows 10 skype client and add the contact of the mobile device  
    4. Open the mobile device and confirm the user add request  
    5. Move back into the windows 10 client and send the mobile skype client 2 kiss smilies for example  
    6. Close the skype client and reopens the client  
    7. Now the smilies graphics are glitching inside by a resize of the image (view demo vide)  
    8. Now the message with the smilies must be quoted or copied and then transfered to any other skype input field were smilies are supported  
    9. Pasting around 50 of them results in an unexpected memory errors and uncaught exceptions or access violations  
    Note: Tested for Android Samsung and Apple iOS. The resize of the larger image results in a memory corruption  
    10. Successful reproduce of the vulnerability!  
    PoC Video: Shows the local issue and the remote triggered bug ...  
    
    Solution - Fix & Patch: ======================= Secure memory allocation when resizing emoticons images during rendering in transfers through the skype mobile software client. Microsoft resolved the vulnerability and prepared an updated version v8.17 & v8.18. In both versions the security issue is known as patched. Security Risk: ============== The security risk of the vulnerability in the skype mobile software client for ios and android is estimated as medium (cvss 4.7). Credits & Authors: ================== Benjamin Kunz Mejri [[[email protected]](/cdn-cgi/l/email-protection)] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact ([[email protected]](/cdn-cgi/l/email-protection)) to get a ask permission. Copyright A(c) 2018 | Vulnerability Laboratory - [Evolution Security GmbH]aC/ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com

    Source: packetstormsecurity.com

Log in to reply