Lucene search

MitreCVE-2016-5720

HistoryJan 23, 2017 - 9:59 p.m.

CVE-2016-5720

2017-01-2321:59:01

CWE-264

mitre

web.nvd.nist.gov

cve-2016-5720

microsoft skype

untrusted search path

arbitrary code

dll hijacking

msi.dll

dpapi.dll

cryptui.dll

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.

Affected configurations

Nvd

Node

microsoftskypeMatch-

VendorProductVersionCPE
microsoftskype-cpe:2.3:a:microsoft:skype:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	skype	-	cpe:2.3:a:microsoft:skype:-:::::::*

References

seclists.org/fulldisclosure/2016/Sep/65

www.securityfocus.com/bid/95859

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Related for CVE-2016-5720