7.8

CVE-2017-0005

Warning
Exploit

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 10 1507 Version- HwPlatformx64
MicrosoftWindows 10 1507 Version- HwPlatformx86
MicrosoftWindows 10 1511 Version- HwPlatformx64
MicrosoftWindows 10 1511 Version- HwPlatformx86
MicrosoftWindows 10 1607 Version- HwPlatformx64
MicrosoftWindows 10 1607 Version- HwPlatformx86
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftWindows Vista Version- Updatesp2

24.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability

Vulnerability

The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 9.78% 0.927
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
http://www.securitytracker.com/id/1038002
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/96033
Third Party Advisory
Broken Link
VDB Entry