Lucene search

[email protected]CVE-2017-0038

HistoryFeb 20, 2017 - 4:59 p.m.

CVE-2017-0038

2017-02-2016:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-0038

gdi

microsoft

windows

remote attack

heap memory

emf file

information security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON

gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.

Affected configurations

Vulners

NVD

Node

microsoft_corporationwindows_graphics_component

CPENameOperatorVersion
microsoft:windows_10microsoft windows 10eq-
microsoft:windows_10microsoft windows 10eq1511
microsoft:windows_10microsoft windows 10eq1607
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_8.1microsoft windows 8.1eq*
microsoft:windows_rt_8.1microsoft windows rt 8.1eq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_10	microsoft windows 10	eq	-
microsoft:windows_10	microsoft windows 10	eq	1511
microsoft:windows_10	microsoft windows 10	eq	1607
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_8.1	microsoft windows 8.1	eq	*
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Windows Graphics Component",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The Graphics Device Interface (GDI) component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
      }
    ]
  }
]