CVE-2006-5586

Microsoft Windows 2000/XP - Privilege Escalation

Title source: llm

Description

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

Exploits (3)

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/3755

View on exploitdb

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/3688

View on exploitdb

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/3804

View on exploitdb

References (6)

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/466186/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23277

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017846

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1215

Scores

EPSS 0.0118

EPSS Percentile 78.5%

Classification

Status draft

Affected Products (4)

microsoft/windows_2000

microsoft/windows_xp

microsoft/windows_xp

microsoft/windows_xp

Timeline

Published Apr 04, 2007

Tracked Since Feb 18, 2026