CVE-2006-5586

high

Description

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017

http://www.vupen.com/english/advisories/2007/1215

http://www.securitytracker.com/id?1017846

http://www.securityfocus.com/bid/23277

http://www.securityfocus.com/archive/1/466186/100/200/threaded

Details

Source: Mitre, NVD

Published: 2007-04-04

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01313