Critical severity9.8NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026

CVE-2017-6517

Description

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.

Affected products

Microsoft/Skype
cpe:2.3:a:microsoft:skype:7.16.0.102:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.htmlnvdExploitThird Party AdvisoryUS Government Resource
seclists.org/fulldisclosure/2017/Mar/44nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/96969nvdThird Party AdvisoryVDB Entry
technet.microsoft.com/security/cc308575.aspxnvdNot Applicable
twitter.com/tiger_tigerboy/status/755332687141883904nvdPress/Media Coverage
twitter.com/vysecurity/status/845013670103003138nvdPress/Media Coverage
www.securitytracker.com/id/1038209nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000