what you don't know can hurt you

Skype 7.16.0.102 DLL Hijacking

Skype 7.16.0.102 DLL Hijacking
Posted Mar 15, 2017
Authored by Sachin Wagh

Skype version 7.16.0.102 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-6517
MD5 | 0c2735dbf296d1cf5c47a33dccb561cf

Skype 7.16.0.102 DLL Hijacking

Change Mirror Download
Vulnerability Title: Skype Insecure Library Loading  Vulnerability
(api-ms-win-core-winrt-string-l1-1-0.dll)
Affected Product: Skype
Vendor Homepage: https://www.microsoft.com/en-us/
MSRC Case 32355 TRK:0001002846
CVE-ID : CVE-2017-6517
Severity: Medium

*Description:*

Microsoft Skype contains a DLL hijacking vulnerability that could allow an
unauthenticated attacker to execute arbitrary code on the targeted system.
This vulnerability exists due to some DLL file loaded by aSkype.exea
improperly. And it allows an attacker to load
(api-ms-win-core-winrt-string-l1-1-0.dll) this DLL file of the attackeras
choosing that could execute arbitrary code without the user's knowledge.

*Affected Product:*

Skype 7.16.0.102

*Impact:*

Attacker can exploit the vulnerability to load a DLL file of the attacker's
choosing that could execute arbitrary code. This may help attacker to
successful exploits the system if user creates shell as a DLL.

*Proof-Of-Concept :*

1. Create malicious dll file and save it as
'api-ms-win-core-winrt-string-l1-1-0.dll' in your "Downloads" directory.

2. Download Skype 7.16.0.102 and save it in your "Downloads"
directory.

3. Execute Skype.exe from your "Downloads" directory.

4. Malicious dll file gets executed.

*Credit:*

*Sachin Wagh (tiger_tigerboy)*
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close