Lucene search
K

5 matches found

seebug.org
seebug.org
added 2017/02/26 12:0 a.m.68 views

Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure (CVE-2017-0038)

In issue 757, I described multiple bugs related to the handling of DIBs Device Independent Bitmaps embedded in EMF records, as implemented in the user-mode Windows GDI library gdi32.dll. As a quick reminder, the DIB-embedding records follow a common scheme: they include four fields, spots denotin...

4.3CVSS6.5AI score0.821EPSS
Exploits1
ThreatPost
ThreatPost
added 2017/02/21 1:2 p.m.53 views

Google Discloses Unpatched Microsoft Vulnerability

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day...

6.9CVSS6.6AI score0.821EPSS
Exploits4References5
CVE
CVE
added 2017/02/20 4:0 p.m.145 views

CVE-2017-0038

The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...

5.5CVSS4.7AI score0.821EPSS
Exploits1References7Affected Software8
Check Point Advisories
Check Point Advisories
added 2017/02/19 12:0 a.m.15 views

Microsoft Windows Graphics Component Information Disclosure (MS17-013: CVE-2017-0038)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows GDI component improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

4.3CVSS5.8AI score0.821EPSS
Exploits1
Circl
Circl
added 2017/02/15 12:0 a.m.16 views

CVE-2017-0038

creationtimestamp| type| source ---|---|--- 2017-02-15 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41363 2017-03-03 21:33:33+00:00| published-proof-of-concept| https://t.me/canyoupwnme/880 2017-03-03 21:55:35+00:00| published-proof-of-concept| https://t.me/HackerOne/564...

5.5CVSS6.5AI score0.821EPSS
Exploits1References4
Rows per page
Query Builder