Untrusted Search Path Vulnerabilities in Microsoft Skype Allow Arbitrary Code Execution and DLL Hijacking

Untrusted Search Path Vulnerabilities in Microsoft Skype Allow Arbitrary Code Execution and DLL Hijacking

CVE-2016-5720 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.

Learn more about our Api Penetration Testing.