Local Privilege Escalation in Windows Graphics Component by Microsoft
CVE-2017-0155

7HIGH

Key Information:

Vendor

Microsoft
Status
Windows Graphics Component
Vendor
CVE Published:
12 April 2017

What is CVE-2017-0155?

The Windows Graphics component in various Microsoft operating systems, including Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7 SP1, has a vulnerability that enables local users to elevate their privileges. This can be exploited through a specially crafted application, allowing unauthorized actions on the system. This issue highlights the importance of applying patches and ensuring that systems are updated to defend against potential exploits.

Affected Version(s)

Windows Graphics Component Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7 SP1

References

http://www.securitytracker.com/id/1038237
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97471
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.