CVE-2017-6517

Sažetak

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

Reference

http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2017/Mar/44
http://www.securityfocus.com/bid/96969
http://www.securitytracker.com/id/1038209
https://technet.microsoft.com/security/cc308575.aspx
https://twitter.com/tiger_tigerboy/status/755332687141883904
https://twitter.com/vysecurity/status/845013670103003138

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

23-03-2017 - 20:59