CVE-2017-6517

CVE Database · CVE-2017-6517

CVE-2017-6517

· N/AModified

CVSS v3.1

N/A

EPSS

46.34%

Published

Mar 23, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

Weaknesses (CWE)

CWE-427

Affected Products (1)

microsoft · skypevulnerable

References (14)

http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html

ExploitThird Party AdvisoryUS Government Resource

http://seclists.org/fulldisclosure/2017/Mar/44

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/96969

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038209

https://technet.microsoft.com/security/cc308575.aspx

Not Applicable

https://twitter.com/tiger_tigerboy/status/755332687141883904

Press/Media Coverage

KEV Catalog EPSS Scores Vendors All CVEs