CyberSec.Space Logo
Back to CVE Browser

CVE-2017-6517

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile0.23th
PublishedMar 23, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Skype

= 7.16.0.102

References & Advisories

πŸ”— http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html
πŸ”— http://seclists.org/fulldisclosure/2017/Mar/44
πŸ”— http://www.securityfocus.com/bid/96969
πŸ”— http://www.securitytracker.com/id/1038209
πŸ”— https://technet.microsoft.com/security/cc308575.aspx
πŸ”— https://twitter.com/tiger_tigerboy/status/755332687141883904
πŸ”— https://twitter.com/vysecurity/status/845013670103003138
πŸ”— http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html

Related Vulnerabilities

CVE-2005-326710.0

Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and ...

CVE-2009-474110.0

Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack...

CVE-2020-10259.8

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OA...

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2017-6517 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space