CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-6517

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile0.23th
Published2017年3月23日
Last Modified2026年5月13日

Vulnerability Description

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

Affected Platforms (CPE)

📦
Microsoft

Skype

= 7.16.0.102

References & Advisories

🔗 http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html
🔗 http://seclists.org/fulldisclosure/2017/Mar/44
🔗 http://www.securityfocus.com/bid/96969
🔗 http://www.securitytracker.com/id/1038209
🔗 https://technet.microsoft.com/security/cc308575.aspx
🔗 https://twitter.com/tiger_tigerboy/status/755332687141883904
🔗 https://twitter.com/vysecurity/status/845013670103003138
🔗 http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html

関連する脆弱性情報

CVE-2005-326710.0

Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and ...

CVE-2009-474110.0

Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack...

CVE-2020-10259.8

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OA...

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...