APPS
A critical new flaw in Microsoft Corp.’s Skype messaging service could allow hackers to crash systems and execute code in them, according to a report published Tuesday.
Discovered by Vulnerability Lab security researcher Benjamin Kunz Mejri, the flaw is a stack buffer overflow vulnerability that affects the official Skype clients in versions v7.2, v7.3.5 & v7.3.6. It is considered dangerous because it lets an attacker crash the application remotely with an unexpected exception error, which in turn permits overwriting active process registers and executing malicious code.
According to Mejri, the security vulnerability is located in the “clipboard format” within the Skype software. The vulnerability allows attackers to use a remote computer system with a shared clipboard to provoke a “stack buffer overflow” — a process where data is pumped into a given memory allocation in excess of its capacity.
“The limitation of the transmitted size and count for images via print of the remote session clipboard has no secure limitations or restrictions,” Mejri explained. “Attackers are able to crash the software with one request to overwrite the EIP register of the active software process. This allows local or remote attackers to execute own codes on the affected and connected computer systems via the Skype software.”
While that may sound technically complicated, the good news is that Vulnerability Lab notified Microsoft of the bug in May, and the team behind Skype developed a fix. Skype versions 7.37.178 and later now include a patch for the vulnerability.
If you’re currently using Skype on Windows, it’s highly advised that you make sure you’re running the latest version to guard against an attack.
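The bug class Mejri describes, sender-controlled size and count fields feeding a fixed-size stack buffer, can be shown in a few lines of C. This is an added illustration, not Skype's code and not taken from the report; the record layout, the limits and all function and sample names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire layout (hypothetical, not Skype's real clipboard format):
 *   [count:1] then count x ([size:2 little-endian][size bytes of image data]) */
#define MAX_IMAGES      4u   /* most images accepted per clipboard message */
#define MAX_IMAGE_BYTES 64u  /* capacity of the fixed receive buffer */

/* Unsafe pattern, shown for contrast only: the copy length comes straight
 * from the sender, so a large size field writes past the end of dst. */
void copy_image_unchecked(uint8_t *dst, const uint8_t *rec) {
    uint16_t size = (uint16_t)(rec[0] | (rec[1] << 8));
    memcpy(dst, rec + 2, size);
}

/* Hardened parser: returns the number of images accepted, or -1 if any
 * count or size field is out of bounds. */
int parse_clipboard(const uint8_t *msg, size_t len) {
    uint8_t image[MAX_IMAGE_BYTES];              /* fixed-size stack buffer */
    size_t off = 1;
    if (len < 1 || msg[0] > MAX_IMAGES) return -1;   /* bound the count */
    for (uint8_t i = 0; i < msg[0]; i++) {
        if (len - off < 2) return -1;            /* size field truncated */
        size_t size = (size_t)msg[off] | ((size_t)msg[off + 1] << 8);
        off += 2;
        if (size > sizeof image) return -1;      /* larger than destination */
        if (size > len - off) return -1;         /* larger than the input */
        memcpy(image, msg + off, size);
        off += size;
    }
    return msg[0];
}

/* Constructed sample messages. */
static const uint8_t SAMPLE_OK[]    = {1, 3, 0, 'a', 'b', 'c'};
static const uint8_t SAMPLE_BIG[]   = {1, 0xFF, 0xFF, 'x'};  /* size 65535 */
static const uint8_t SAMPLE_CUT[]   = {1, 4, 0, 'a'};        /* data missing */
static const uint8_t SAMPLE_COUNT[] = {5};                   /* count > max */

int main(void) {
    printf("ok=%d big=%d cut=%d count=%d\n",
           parse_clipboard(SAMPLE_OK, sizeof SAMPLE_OK),
           parse_clipboard(SAMPLE_BIG, sizeof SAMPLE_BIG),
           parse_clipboard(SAMPLE_CUT, sizeof SAMPLE_CUT),
           parse_clipboard(SAMPLE_COUNT, sizeof SAMPLE_COUNT));
    return 0;
}
```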