CVE-2017-6517

Name of the Vulnerable Software and Affected Versions Microsoft Skype version 7.16.0.102

Description The issue exists due to the way .dll files are loaded by Skype, allowing an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The specific flaw is within the handling of DLL loading by the Skype.exe process, particularly with the api-ms-win-core-winrt-string-l1-1-0.dll. An attacker can exploit this by loading a specially crafted .dll file, potentially executing arbitrary code without the user's knowledge.

Recommendations For Microsoft Skype version 7.16.0.102, consider restricting the loading of external libraries to prevent exploitation until a patch is available. As a temporary workaround, avoid using the Skype.exe process to load .dll files from untrusted sources, especially the api-ms-win-core-winrt-string-l1-1-0.dll, to minimize the risk of arbitrary code execution.