CVE-2017-0176

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Windows Server 2003 Sp1, Sp2 Windows Xp - Sp3
Vendor: CVE Published:; 22 June 2017

Summary

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Affected Version(s)

Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3 Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3

References

http://www.securityfocus.com/bid/98550

vdb-entryx_refsource_BID

https://support.microsoft.com/en-us/help/4022747/security...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/98752

vdb-entryx_refsource_BID

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2017
Vulnerability Reserved
Sep 9, 2016

Collectors

NVD DatabaseMitre Database

.