CVE-2017-6517

critical

Microsoft

CVSS v3 Base Score

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

19.7%

Exploitation probability in 30 days

Top 5% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: March 23, 2017 (3339 days ago)

Last Modified: May 13, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

CWE

CWE-427

Affected Products

microsoft skype

References

🔗 packetstormsecurity.com 🔗 seclists.org 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 technet.microsoft.com

CVE-2017-6517

Vulnerability Report

Description

CWE

Affected Products

References