Skype is an instant messaging app that provides online text message and video chat services. Users may transmit both text and video messages and may exchange digital documents such as images, text, and video. It also allows video conference calls.
A critical remote code execution (RCE) vulnerability has been discovered in Skype, the issue may allow attackers to execute code remotely and break the operating systems.
Security researchers have found that the stack buffer overflow vulnerability allows hackers to inject malicious code into Windows boxes that running out-date versions of the software.
Security researchers at vulnerability-lab said:
“The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched.”
Microsoft said that the latest version of Skype is patched and has no issue. Microsoft said:
“Users on the latest Skype client are automatically protected, and we recommend upgrading to this version for the best protection”
You can check more details of the vulnerability in an article by Vulnerability Laboratory researchers here, also you can check the following video for a proof of concept:
