Privilege Escalation in Microsoft Graphics Component Affecting Windows OS
CVE-2017-0156

7HIGH

Key Information:

Vendor
Microsoft
Status
Windows Graphics Component
Vendor
CVE Published:
12 April 2017

Summary

An elevation of privilege vulnerability in the Microsoft Graphics Component can allow an attacker to execute arbitrary code on a system with a vulnerable version of Windows. This occurs when the component fails to manage memory objects properly, potentially allowing unauthorized access to sensitive resources. Exploiting this vulnerability requires local access to the system and could lead to full control over the affected devices, making it crucial for organizations to apply necessary updates and patches.

Affected Version(s)

Windows Graphics Component Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016

References

http://www.securitytracker.com/id/1038237
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97507
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.