CVE-2017-9948: Microsoft Skype 7.2 / 7.35 / 7.36 Buffer Overflow
Skype is an instant messaging app that provides online text message and video chat services. Users may transmit both text and video messages and may exchange digital documents such as images, text, and video. Skype allows video conference calls. Skype allows users to communicate over the Internet by voice using a microphone, by video using a webcam, and by instant messaging. Skype-to-Skype calls to other users are free of charge, while calls to landline telephones and mobile phones (over traditional telephone networks) are charged via a debit-based user account system called Skype Credit. Some network administrators have banned Skype on corporate, government, home, and education networks, citing such reasons as inappropriate usage of resources, excessive bandwidth usage, and security concerns. Skype originally featured a hybrid peer-to-peer and client-server system. Skype has been powered entirely by Microsoft-operated supernodes since May 2012. (Wiki)
Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a stack buffer overflow vulnerability in the official Microsoft Skype v7.2, v7.3.5.103 & v7.3.6 software.
Affected Product(s):
====================
Microsoft Corporation
Product: Skype – Software Client 7.2, 7.35.103 & 7.36.0.101 & 7.36.0.150
Exploitation Technique:
=======================
Local
Severity Level:
===============
High
Technical Details & Description:
================================
vulnerability-lab