Remote Information Disclosure Vulnerability in Microsoft Windows GDI Component
CVE-2017-0038

5.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Windows Graphics Component
Vendor
CVE Published:
20 February 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 82%

What is CVE-2017-0038?

The vulnerability exists in gdi32.dll within the Graphics Device Interface (GDI) of Microsoft Windows, allowing remote attackers to extract sensitive information from the memory of processes through specially crafted Enhanced Metafile (EMF) files. This exploit takes advantage of modified Device Independent Bitmap (DIB) dimensions in an EMR_SETDIBITSTODEVICE record, following an incomplete patch related to multiple prior vulnerabilities. Affected systems include various versions of Windows starting from Vista through Windows 10.

Affected Version(s)

Windows Graphics Component The Graphics Device Interface (GDI) component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-0038-EXP-C-JS
Created by k0keoyo

References

https://bugs.chromium.org/p/project-zero/issues/detail?id...
x_refsource_MISC
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
https://0patch.blogspot.com/2017/02/0patching-0-day-windo...
x_refsource_MISC

EPSS Score

82% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.