Posted by Tien Phan on Sep 27

Hi,

There are a dll planting vuln in skype installer. This vuln had been
reported to Microsoft but they decided not fix this.

Here is the vulnerability details:
——
Skype installer in Windows is open to DLL hijacking.

Skype looks for a specific DLL by dynamically going through a set of
predefined directories. One of the directory being scanned is the
installation directory, and this is exactly what is abused in this
vulnerability….