A bug in Skype’s updater process can let an attacker gain full system-level access.
A critical vulnerability has been discovered in Skype that could allow a local, unprivileged user to gain system-level privileges.
Microsoft, which owns the voice and video-calling service, said it won’t immediately fix the flaw, because fixing the bug would require too much of a code rewrite.
Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, and that executable is vulnerable to hijacking.
The vulnerability was discovered and reported to Microsoft by security researcher Stefan Kanthak. It resides in Skype’s update installer, which is susceptible to Dynamic Link Library (DLL) hijacking.
Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which can allow an attacker to trick an application into loading malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to the name of an existing DLL that can be modified by an unprivileged user. The bug works because the malicious DLL is found first when the app searches for the DLL it needs.
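To make the "found first" condition concrete from a defender's side, the following added example (not code from Skype, Microsoft or the researcher's advisory) audits an ordered list of search directories and reports any user-writable directory that is searched before the one holding the real library. It is a simplified model of an ordered directory search, not the Windows loader's exact algorithm; the function names, the folder layout and the file name Example.dll are assumptions made for illustration.

```python
import os
import tempfile


def audit_search_order(dll_name, search_dirs):
    """Resolve dll_name with a first-match directory search and report risk.

    Returns (resolved_path, risky_dirs, shadowed_copies):
      resolved_path   - first match in search order, or None if not found
      risky_dirs      - directories searched before the match that the
                        current user can write to (a copy placed there wins)
      shadowed_copies - later copies of the same name that are never loaded
    """
    hits = []
    for d in search_dirs:
        try:
            names = os.listdir(d)
        except OSError:
            continue  # missing or unreadable directory: the search moves on
        for n in names:
            if n.lower() == dll_name.lower():  # Windows names are case-insensitive
                hits.append(os.path.join(d, n))
                break
    resolved = hits[0] if hits else None
    stop = os.path.dirname(resolved) if resolved else None
    risky = []
    for d in search_dirs:
        if d == stop:
            break  # directories after the match cannot win the search
        if os.path.isdir(d) and os.access(d, os.W_OK):
            risky.append(d)
    return resolved, risky, hits[1:]


def demo():
    """Constructed layout: a user-writable temp folder and a stand-in system folder."""
    root = tempfile.mkdtemp()
    temp_dir = os.path.join(root, "Temp")
    system_dir = os.path.join(root, "System32")
    os.makedirs(temp_dir)
    os.makedirs(system_dir)
    open(os.path.join(system_dir, "Example.dll"), "w").close()  # placeholder library
    weak = audit_search_order("example.dll", [temp_dir, system_dir])
    fixed = audit_search_order("example.dll", [system_dir])
    return temp_dir, system_dir, weak, fixed


if __name__ == "__main__":
    print(demo())
```

A non-empty list of risky directories is the finding to act on: either the writable folder is removed from the search path, or the library is loaded from a fixed location that unprivileged users cannot write to.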
Once system-level privileges are gained, an attacker can do anything, Stefan Kanthak said.
Stefan Kanthak informed Microsoft of the Skype vulnerability back in September, but the company told him that the patch would require the Skype update installer to go through “a large code revision”.
Instead, the company said it had decided to build an altogether new version of the Skype client that would address the vulnerability.
More on https://capec.mitre.org/data/definitions/471.html
http://seclists.org/fulldisclosure/2018/Feb/33