Buffer Overflow in Microsoft Windows XP and Server 2003 Affects Remote Authentication
CVE-2017-0176

8.1HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Windows Server 2003 Sp1, Sp2 Windows Xp - Sp3
Vendor
CVE Published:
22 June 2017

Summary

A vulnerability exists within the Smart Card authentication code in gpkcsp.dll for Microsoft Windows XP and Server 2003, enabling a remote attacker to execute arbitrary code. This situation arises when the targeted computers are part of a Windows domain and have Remote Desktop Protocol (RDP) or Terminal Services enabled. Exploiting this vulnerability can lead to unauthorized access and control over the affected systems, posing significant security risks to organizations still using these legacy operating systems.

Affected Version(s)

Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3 Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3

References

http://www.securityfocus.com/bid/98550
vdb-entryx_refsource_BID
https://support.microsoft.com/en-us/help/4022747/security...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98752
vdb-entryx_refsource_BID

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.