Skype 0 Day Exploitation Presentation - HITB Malaysia 2011

Document Title:
===============
Skype 0 Day Exploitation Presentation - HITB Malaysia 2011


References:
===========
Presentation: https://www.vulnerability-lab.com/resources/documents/294.pdf
Documentation: https://www.vulnerability-lab.com/get_content.php?id=293

Speaker: https://conference.hitb.org/hitbsecconf2011kul/?page_id=1757

Conference Mirror:
https://conference.hitb.org/hitbsecconf2011kul/materials/D2T1 - SKYPE SOFTWARE VULNERABILITIES - ZERO DAY EXPLOITATION 2011.zip



Release Date:
=============
2011-10-17


Vulnerability Laboratory ID (VL-ID):
====================================
294


Discovery Status:
=================
Published


Exploitation Technique:
=======================
Slides


Severity Level:
===============
High


Technical Details & Description:
================================
The popular VOIP client Skype has been beaten?! As everyone knows Skype takes security very seriously according to their 
own words: “The security of your information is of the utmost concern to us here at Skype and something we take very seriously” 
So we rose up to the challenge and tried to see if we could beat the system filters and/or software out of the box.

This presentation will offer the first in depth view & analysis of the bugs that where found in Skype by the vulnerability-lab.com 
research team in 2011. The presentation will also provide exclusive attack schemes from an attackers point of view which were also 
used for verification of our findings.

Buglist:

– Skype 5.3.x 2.2.x 5.2.x – Persistent Cross Site Scripting Vulnerability
– Skype 5.3.x 2.2.x 5.2.x – Persistent Software Vulnerability
– Skype v5.3.x – Transfer Standby Buffer Overflow Vulnerability
– Skype v5.2.x and v5.3.x – Critical Pointer Vulnerability
– Skype v5.3.x v2.2.x v5.2.x – Denial of Service Vulnerability

Attack schemes:

– Client Side Skype Exploitation (Local & Remote)
– Server Side Exploitation #1 (Local & Remote)
– Server Side Exploitation #2 (Local & Remote)
– Denial of Service Exploitation (Local to Remote)
– Buffer Overflow Exploitation (Remote)
– Pointer Bug Exploitation (Local)

About Benjamin Kunz

Benjamin Kunz M.(28) is active as a penetration tester and security analyst for private and public security firms, hosting entities, 
banks, isp(telecom) and ips. His specialties are security checks(penetrationtests) on services, software, applications, malware 
analysis, underground economy, military intelligence/cyberwar, reverse engineering, lectures and workshops about IT Security. During 
his work as a penetration tester and vulnerability researcher, many open- or closed source applications, software and services were 
formed more secure. In 1997, Benjamin K.M. founded a non-commercial and independent security research group called, “Global Evolution – 
Security Research Group” which is still active today.

From 2010 to 2011, Benjamin M. and Pim C. (Research Team) identified over 300 zero day vulnerabilities in well known products from c
ompanies such as DELL, Barracuda, Mozilla, Kaspersky, McAfee, Google, Cyberoam, Safari, Bitdefender, Asterisk, Telecom, PBX & SonicWall. 
In 2010 he founded the company “Evolution Security”. After the firm’s establishment arose the Vulnerability Lab as the legal european 
initiative for vulnerability researchers, analysts, penetration testers, and serious hacker groups. Ben is also the leader of the Contest 
+ Vulnerability-Lab Research Team. He have a lot of stable references by solved events or contests like ePost SecCup, SCS2, EH2008, 
Har2009, Da-op3n & exclusive zero-day exploitation sessions/releases.


Credits & Authors:
==================
Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve) &  Pim J.F. Campers (X4lt)


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - www.vulnerability-lab.com/register
Contact:    [email protected] 	- [email protected] 	       - [email protected]
Section:    video.vulnerability-lab.com 	- forum.vulnerability-lab.com 		       - news.vulnerability-lab.com
Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - youtube.com/user/vulnerability0lab
Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and 
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
modify, use or edit our material contact ([email protected] or [email protected]) to get a permission.

    				   	Copyright © 2012 | Vulnerability Laboratory