Lucene search

K
cve[email protected]CVE-2017-0047
HistoryMar 17, 2017 - 12:59 a.m.

CVE-2017-0047

2017-03-1700:59:01
web.nvd.nist.gov
63
In Wild
cve
2017
0047
microsoft windows
gdi
elevation of privilege
vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

49.2%

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka β€œWindows GDI Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.

Affected configurations

Vulners
NVD
Node
microsoft_corporationwindows_server_2008_sp2_and_r2_sp1\,_windows_7_sp1\,_windows_8.1\,_windows_server_2012_gold_and_r2\,_windows_rt_8.1\,_windows_10_gold\,_1511Match8.1

CNA Affected

[
  {
    "product": "Windows GDI",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
      }
    ]
  }
]

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

49.2%