CVE-2006-5758
Microsoft Windows - GDI Privilege Escalation (MS07-017)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
El Graphics Rendering Engine en Microsoft Windows 2000 hasta 2000 SP4 y Windows XP hasta SP2 mapea estructuras del núcleo GDI en una sección de memoria global compartida que está mapeada con permisos de sólo lectura, pero puede ser remapeada por otros procesos como lectura-escritura, lo cual permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída) y ganar privilegios modificando las estructuras del núcleo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-11-06 CVE Reserved
- 2006-11-06 CVE Published
- 2007-04-08 First Exploit
- 2024-03-31 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://kernelwars.blogspot.com/2007/01/alive.html | X_refsource_misc | |
| http://projects.info-pull.com/mokb/MOKB-06-11-2006.html | X_refsource_misc | |
| http://securitytracker.com/id?1017168 | Vdb Entry | |
| http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30042 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2056 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3688 | 2007-04-08 | |
| https://www.exploit-db.com/exploits/3755 | 2007-04-17 | |
| https://www.exploit-db.com/exploits/3804 | 2007-04-26 | |
| http://www.securityfocus.com/bid/20940 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/22668 | 2018-10-17 | |
| http://www.securityfocus.com/archive/1/466186/100/200/threaded | 2018-10-17 | |
| http://www.vupen.com/english/advisories/2006/4358 | 2018-10-17 | |
| http://www.vupen.com/english/advisories/2007/1215 | 2018-10-17 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | gold, professional_x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, professional_x64 |
Affected
| ||||||