Vulnerability Description
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Skype | 7.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99281Third Party AdvisoryVDB Entry
- https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zeThird Party AdvisoryVDB Entry
- https://www.vulnerability-lab.com/get_content.php?id=2071Mailing ListThird Party Advisory
- https://www.vulnerability-lab.com/get_content.php?id=2084Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/99281Third Party AdvisoryVDB Entry
- https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zeThird Party AdvisoryVDB Entry
- https://www.vulnerability-lab.com/get_content.php?id=2071Mailing ListThird Party Advisory
- https://www.vulnerability-lab.com/get_content.php?id=2084Mailing ListThird Party Advisory
FAQ
What is CVE-2017-9948?
CVE-2017-9948 is a vulnerability with a CVSS score of 8.8 (HIGH). A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
How severe is CVE-2017-9948?
CVE-2017-9948 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9948?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Skype.