(MS07-017) Microsoft GDI Local Elevation of Privilege Vulnerability (925902)

Type: Logic error
Impact of exploitation: Privilege Escalation
User Interaction: No user interaction is needed
Attack Vector: Authenticated locally logged on user with limited privileges
Rating: High
CVE reference: CVE-2006-5758
Vendor Status: Responded and patched
Vulnerable systems: Windows XP SP0 - SP2, Windows 2000 SP4

Summary

A vulnerability is present in the Microsoft Windows Kernel that may allow for a privilege escalation attack. A malicious logged-in user could exploit this to take control of the host.

Description

Microsoft Windows is an industry-standard operating system. The Windows Kernel provides service and driver support for applications running on the Windows operating system. A vulnerability exists in the Windows Kernel that could allow a local attacker to cause a denial of service or execute arbitrary code. The local privilege escalation vulnerability is due to errors in Kernel shared memory that could allow GDI object processes to remap it from read-only to writable. Successful exploitation could lead to complete compromise of the host.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (925902): http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess whether your systems are vulnerable and is expected to accurately identify whether a system is vulnerable in many enterprise environments.

Signature: (MS07-017) Microsoft GDI Local Elevation of Privilege Vulnerability (925902)
Signature identifier: 4736
Release date: 11/14/2006

Additional Resources

Microsoft Security Bulletin MS07-017: Vulnerability In GDI Could Allow Remote Code Execution (925902)

http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Timeline

4/8/2007: Exploit code has been released.
4/4/2007: Vendor has provided patch caveat information.
4/3/2007: Vendor has provided a patch.
11/6/2006: Malware exploiting this vulnerability has been discovered.
11/6/2006: Exploit code has been released.
