CVE-2006-5586

Microsoft Windows 2000/XP - Privilege Escalation

Title source: llm

Description

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

Exploits (3)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/3804

View Code ZIP pw:eip

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/3755

View Code ZIP pw:eip

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/3688

View Code ZIP pw:eip

References (6)

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/466186/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23277

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017846

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1215

Scores

EPSS 0.0118

EPSS Percentile 78.8%

Details

Status published

Products (2)

microsoft/windows_2000

microsoft/windows_xp (3 CPE variants)

Published Apr 04, 2007

Tracked Since Feb 18, 2026