Vulnerability CVE-2017-6517
Published: 2017-03-23

Description:
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Skype 7.16.0.102 DLL Hijacking
Sachin Wagh
17.03.2017

Type:

CWE-427

 (Uncontrolled Search Path Element)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Skype 

 References:
http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2017/Mar/44
http://www.securityfocus.com/bid/96969
http://www.securitytracker.com/id/1038209
https://technet.microsoft.com/security/cc308575.aspx
https://twitter.com/tiger_tigerboy/status/755332687141883904
https://twitter.com/vysecurity/status/845013670103003138
Copyright 2024, cxsecurity.com

 

Back to Top