CVE-2006-5586 - The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain pr

CVE-2006-5586

Summary

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*

CVSS

Base:	7.2 (as of 17-10-2018 - 21:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2011-05-09T04:01:10.217-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
comment Microsoft Windows XP SP2 or later is installed
oval oval:org.mitre.oval:def:521

description

family

windows

oval:org.mitre.oval:def:1385

status

accepted

submitted

2007-04-09T09:49:32

title

GDI Invalid Window Size Elevation of Privilege Vulnerability

version

refmap via4

bid	23277
hp	HPSBST02206 SSRT071354
sectrack	1017846
vupen	ADV-2007-1215

Last major update

17-10-2018 - 21:43

Published

04-04-2007 - 16:19

Last modified

17-10-2018 - 21:43