CVE-2017-6517
Description
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attackers choosing that could execute arbitrary code without the users knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
19.74
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| update skype 7.16.0.102 to latest version | Windows |
| update skype 7.16.0.102 to latest version (For Ubuntu) | Linux |
| update skype 7.16.0.102 to latest version (For Debian) | Linux |
| update skype 7.16.0.102 to latest version (For Centos) | Linux |
| update skype 7.16.0.102 to latest version (For RedHat) | Linux |
| update skype 7.16.0.102 to latest version (For Suse) | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-343283 | Skype (8.133.0.202) (Manual Upload Required) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234