CVE-2017-0047 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Windows GDI
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.7%
top 17.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 17
Latest updateMay 13
Description
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages16 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-4vm3-h9r2-w6h6: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2022-05-13
GHSA▶
GHSA-8w8f-9j37-53m3: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2022-05-13
GHSA▶
GHSA-675h-vwc7-whcj: The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2022-05-13
GHSA▶
GHSA-3jwp-gjhp-77f3: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2022-05-13