CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-0038

gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.822

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

Products affected by CVE-2017-0038

Microsoft » Windows 10 » Version: N/A

cpe:2.3:o:microsoft:windows_10:-
Microsoft » Windows 10 » Version: 1511

cpe:2.3:o:microsoft:windows_10:1511
Microsoft » Windows 10 » Version: 1607

cpe:2.3:o:microsoft:windows_10:1607
Microsoft » Windows 7 » Version: N/A

cpe:2.3:o:microsoft:windows_7:-
Microsoft » Windows 8.1 » Version: N/A

cpe:2.3:o:microsoft:windows_8.1:-
Microsoft » Windows 8.1 » Version: 6.3.9600.20520

cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20520
Microsoft » Windows Rt 8.1 » Version: N/A

cpe:2.3:o:microsoft:windows_rt_8.1:-
Microsoft » Windows Rt 8.1 » Version: 6.3.9600.20520

cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20520
Microsoft » Windows Server 2008 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2008:-
Microsoft » Windows Server 2008 » Version: r2

cpe:2.3:o:microsoft:windows_server_2008:r2
Microsoft » Windows Server 2012 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2012:-
Microsoft » Windows Server 2012 » Version: r2

cpe:2.3:o:microsoft:windows_server_2012:r2
Microsoft » Windows Server 2016 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2016:-
Microsoft » Windows Server 2016 » Version: 10.0.14393.4467

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4467
Microsoft » Windows Server 2016 » Version: 10.0.14393.4530

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530
Microsoft » Windows Server 2016 » Version: 10.0.14393.4583

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583
Microsoft » Windows Server 2016 » Version: 10.0.14393.4651

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651
Microsoft » Windows Server 2016 » Version: 10.0.14393.4704

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704
Microsoft » Windows Server 2016 » Version: 10.0.14393.4770

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770
Microsoft » Windows Server 2016 » Version: 10.0.14393.4886

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4886
Microsoft » Windows Server 2016 » Version: 10.0.14393.4946

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4946
Microsoft » Windows Server 2016 » Version: 10.0.14393.5066

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5066
Microsoft » Windows Server 2016 » Version: 10.0.14393.5125

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5125
Microsoft » Windows Server 2016 » Version: 10.0.14393.5192

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5192
Microsoft » Windows Server 2016 » Version: 10.0.14393.5246

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246
Microsoft » Windows Server 2016 » Version: 10.0.14393.5291

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5291
Microsoft » Windows Server 2016 » Version: 10.0.14393.5356

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5356
Microsoft » Windows Server 2016 » Version: 10.0.14393.5427

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5427
Microsoft » Windows Server 2016 » Version: 10.0.14393.5501

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5501
Microsoft » Windows Server 2016 » Version: 10.0.14393.5582

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5582
Microsoft » Windows Server 2016 » Version: 10.0.14393.5648

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5648
Microsoft » Windows Server 2016 » Version: 10.0.14393.5717

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5717
Microsoft » Windows Server 2016 » Version: 10.0.14393.5850

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5850
Microsoft » Windows Server 2016 » Version: 10.0.14393.6085

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085
Microsoft » Windows Server 2016 » Version: 10.0.14393.6167

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6167
Microsoft » Windows Server 2016 » Version: 10.0.14393.6351

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6351
Microsoft » Windows Server 2016 » Version: 10.0.14393.6452

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6452
Microsoft » Windows Server 2016 » Version: 10.0.14393.6614

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6614
Microsoft » Windows Server 2016 » Version: 10.0.14393.6796

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6796
Microsoft » Windows Server 2016 » Version: 10.0.14393.6897

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6897
Microsoft » Windows Server 2016 » Version: 10.0.14393.6981

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6981
Microsoft » Windows Server 2016 » Version: 10.0.14393.7070

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7070
Microsoft » Windows Server 2016 » Version: 10.0.14393.7159

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159
Microsoft » Windows Server 2016 » Version: 10.0.14393.7259

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7259
Microsoft » Windows Server 2016 » Version: 10.0.14393.7336

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7336
Microsoft » Windows Server 2016 » Version: 10.0.14393.7428

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7428
Microsoft » Windows Server 2016 » Version: 10.0.14393.7515

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7515
Microsoft » Windows Server 2016 » Version: 10.0.14393.7606

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7606
Microsoft » Windows Server 2016 » Version: 10.0.14393.7876

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7876
Microsoft » Windows Server 2016 » Version: 10.0.14393.7969

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7969
Microsoft » Windows Server 2016 » Version: 10.0.14393.8148

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8148
Microsoft » Windows Server 2016 » Version: 1709

cpe:2.3:o:microsoft:windows_server_2016:1709
Microsoft » Windows Server 2016 » Version: 1803

cpe:2.3:o:microsoft:windows_server_2016:1803
Microsoft » Windows Server 2016 » Version: 1903

cpe:2.3:o:microsoft:windows_server_2016:1903
Microsoft » Windows Server 2016 » Version: 1909

cpe:2.3:o:microsoft:windows_server_2016:1909
Microsoft » Windows Server 2016 » Version: 2004

cpe:2.3:o:microsoft:windows_server_2016:2004
Microsoft » Windows Server 2016 » Version: 20h2

cpe:2.3:o:microsoft:windows_server_2016:20h2
Microsoft » Windows Vista » Version: N/A

cpe:2.3:o:microsoft:windows_vista:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-0038

Products

Pricing

Contact Us