Vulnerability Details CVE-2006-5586
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 76.7%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/archive/1/466186/100/200/threaded
- http://www.securityfocus.com/bid/23277
- http://www.securitytracker.com/id?1017846
- http://www.vupen.com/english/advisories/2007/1215
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385
- http://www.securityfocus.com/archive/1/466186/100/200/threaded
- http://www.securityfocus.com/bid/23277
- http://www.securitytracker.com/id?1017846
- http://www.vupen.com/english/advisories/2007/1215
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385
Products affected by CVE-2006-5586
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_xp:*
-
cpe:2.3:o:microsoft:windows_xp:-