CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
10.3%
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via “invalid application window sizes” in layered application windows, aka the “GDI Invalid Window Size Elevation of Privilege Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* |
www.securityfocus.com/archive/1/466186/100/200/threaded
www.securityfocus.com/bid/23277
www.securitytracker.com/id?1017846
www.vupen.com/english/advisories/2007/1215
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385