CVSSv2: 6.9

CVE-2017-0005

Published: 17/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 616
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
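The CVSS v2 vector above can be checked against the listed sub-scores. The following Python script is an added example (not Vulmon's or NVD's code): it implements the CVSS v2.0 base-score equations and metric weights from the public CVSS v2 guide, parses a base vector string, recomputes impact, exploitability and base sub-scores, and rejects malformed vectors. Run on this page's vector it returns impact 10.0, exploitability 3.4 and base 6.9, matching the values listed. Function and variable names are the example's own.

```python
"""CVSS v2.0 base-score calculator (added example; weights are the CVSS v2.0 constants)."""
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2.0 base-metric weights from the CVSS v2 guide
AV = {"L": 0.395, "A": 0.646, "N": 1.0}      # Access Vector: Local / Adjacent / Network
AC = {"H": 0.35, "M": 0.61, "L": 0.71}       # Access Complexity: High / Medium / Low
AU = {"M": 0.45, "S": 0.56, "N": 0.704}      # Authentication: Multiple / Single / None
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}     # C/I/A impact: None / Partial / Complete
_TABLES = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}


def round1(x: float) -> float:
    """round_to_1_decimal as the CVSS v2 guide uses it: half-up on the decimal value.
    (Python's round() on a binary float can round half-even and differ at .x5.)"""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def parse_vector(vector: str) -> dict:
    """Parse 'AV:L/AC:M/Au:N/C:C/I:C/A:C' (optionally parenthesised) into {'AV': 'L', ...}.
    Rejects unknown metrics or values, duplicated metrics and missing base metrics."""
    metrics = {}
    for part in vector.strip().strip("()").split("/"):
        name, _, value = part.partition(":")
        if name not in _TABLES or value not in _TABLES[name] or name in metrics:
            raise ValueError(f"bad metric {part!r} in vector {vector!r}")
        metrics[name] = value
    if set(metrics) != set(_TABLES):
        raise ValueError(f"vector {vector!r} is missing base metrics")
    return metrics


def is_valid_vector(vector: str) -> bool:
    """True if the string is a complete, well-formed CVSS v2 base vector."""
    try:
        parse_vector(vector)
        return True
    except ValueError:
        return False


def cvss2_base(vector: str) -> dict:
    """Return the rounded impact, exploitability and base sub-scores for a v2 base vector."""
    m = parse_vector(vector)
    # Impact = 10.41 * (1 - (1-C)(1-I)(1-A))
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    # Exploitability = 20 * AV * AC * Au
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    # Base = ((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact), f = 0 if Impact == 0 else 1.176
    base = 0.0 if impact == 0 else ((0.6 * impact) + (0.4 * exploitability) - 1.5) * 1.176
    return {"base": round1(base), "impact": round1(impact), "exploitability": round1(exploitability)}


def scores_match(vector: str, base: float, impact: float, exploitability: float) -> bool:
    """Check that a published (base, impact, exploitability) triple agrees with its vector."""
    return cvss2_base(vector) == {"base": base, "impact": impact, "exploitability": exploitability}


if __name__ == "__main__":
    # This page's vector for CVE-2017-0005
    vec = "AV:L/AC:M/Au:N/C:C/I:C/A:C"
    print(vec, cvss2_base(vec), "matches page:", scores_match(vec, 6.9, 10.0, 3.4))
```

The sub-scores are rounded only for display; the base score is computed from the unrounded impact and exploitability, as in the guide, so a vector that rounds to the same displayed sub-scores as another can still produce a different base.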

Vulnerability Summary

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.

Vulnerable Products

microsoft windows 10 (gold)
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 7
microsoft windows 8.1
microsoft windows rt 8.1
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows server 2012 (gold)
microsoft windows server 2012 r2
microsoft windows vista

Vendor Advisories

Microsoft Security Bulletin MS17-013 - Critical (10/11/2017): Security Update for Microsoft Graphics Component (4013075). Executive Summary; Affected Software and Vulnerabi ...

Github Repositories

JSON API for NVD CVE details data feeds from NIST

NVD CVE Details as JSON-REST API. NVD vulnerability data feeds are published as year-wise JSON files in gzip format. This makes fetching CVE details for a particular CVE ID very difficult. This project mirrors CVE details into MongoDB and then provides a queryable REST API using NodeJS. It will also set up a background cron job to keep the local database up to date with the NIST data feeds as s ...

Resources for Windows exploit development

Advanced Windows exploit development resources. Some resources, links, books, and papers related mostly to Windows Internals and anything Windows kernel related; mostly talks and videos that I enjoyed watching. These are all resources that I have personally used and gone through. Really important resources: terminus project, ReactOS Win32k, Geoff Chappell - Kernel-Mode Windows, HE ...

Fully based on Advanced Windows exploitation: kernel driver exploitation, browser exploitation, heap spraying, etc.

PoC in GitHub: PoC auto collect from GitHub.

Recent Articles

Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
Threatpost • Lindsey O'Donnell • 22 Feb 2021

New research has found evidence that a Chinese-affiliated threat group (APT31) has hijacked a hacking tool previously used by the Equation Group (which has been tied to the U.S. National Security Agency, or NSA).
The tool in question, dubbed “Jian,” is used to exploit a local privilege-escalation (LPE) flaw in Windows, known as CVE-2017-0005. The exploit was previously discovered and linked to APT31. However, new research by Check Point Research, released Monday, found that APT31 had ...

Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group
Threatpost • Tom Spring • 28 Mar 2017

Microsoft has released technical details on a zero-day vulnerability being exploited by a little-known APT group known as Zirconium. According to the company the vulnerability (CVE-2017-0005) affects mostly older versions of Windows and can allow an adversary to execute remote code if a user either visits a specially crafted website or opens a rigged document.
The vulnerability, outlined Monday in a technical paper by Microsoft, affects the Windows Win32k component in the Windows GDI (Gr...

Microsoft Quietly Patched Windows Zero-Day Used in Attacks by Zirconium Group
BleepingComputer • Catalin Cimpanu • 27 Mar 2017

Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium.
The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions.
According to Microsoft, a successful exploit would have resulted in a memory corruption and elevation of privileges (EoP) for the attacker's code, allowing him to escalate access ...