6.6 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.5%
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via “invalid application window sizes” in layered application windows, aka the “GDI Invalid Window Size Elevation of Privilege Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:windows_xp | microsoft windows xp | eq | * |
microsoft:windows_2000 | microsoft windows 2000 | eq | * |
www.securityfocus.com/archive/1/466186/100/200/threaded
www.securityfocus.com/bid/23277
www.securitytracker.com/id?1017846
www.vupen.com/english/advisories/2007/1215
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385