Elevation of Privilege Vulnerability in Microsoft Windows GDI
CVE-2017-0047

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Gdi
Vendor
CVE Published:
17 March 2017

Summary

The Graphics Device Interface (GDI) in several Microsoft Windows products can be manipulated by local users to gain elevated privileges through a specially crafted application. This vulnerability poses significant risk as it allows unauthorized access to execute commands or access restricted areas of the operating system, facilitating further exploitation. It is imperative for users on the affected platforms to apply updates and patches promptly to mitigate potential security breaches.

Affected Version(s)

Windows GDI The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

References

http://www.securitytracker.com/id/1038002
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/96034
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.