CVE-2017-0025Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Windows GDI

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.3%
top 20.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Microsoft Corporation Windows GDIMicrosoft Windows 10Microsoft Windows Server 2008+14 more
Timeline
PublishedMar 17
Latest updateMay 13

Description

The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

4
GHSA
GHSA-4vm3-h9r2-w6h6: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-13
GHSA
GHSA-8w8f-9j37-53m3: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-13
GHSA
GHSA-675h-vwc7-whcj: The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-13
GHSA
GHSA-3jwp-gjhp-77f3: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-13

📋Vendor Advisories

1
Microsoft
Windows GDI Elevation of Privilege Vulnerability2017-03-14

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-14-2017