CVE-2006-5586

Microsoft Windows 2000/XP - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-5586.

AI-analyzed exploit summary: This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2006-5586) via maliciously crafted .ANI files, leading to remote elevation of privilege. The exploit is packaged as a binary (ZIP) and was historically used in attacks (MS07-017).

Description

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

Exploits (3)

exploitdb · WORKING POC
remote · windows
https://www.exploit-db.com/exploits/3804

This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2006-5586) via maliciously crafted .ANI files, leading to remote elevation of privilege. The exploit is packaged as a binary (ZIP) and was historically used in attacks (MS07-017).

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (GDI)
No auth needed
Prerequisites: User interaction (e.g., viewing a malicious .ANI file)
devstral-2 · analyzed Feb 19, 2026

exploitdb · WORKING POC
c · local · windows
https://www.exploit-db.com/exploits/3755

This exploit leverages a GDI vulnerability (CVE-2006-5586) to achieve local privilege escalation by manipulating a palette object's kernel pointer in the GDI shared section, allowing arbitrary code execution in kernel mode.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Windows 2000/XP before MS07-017 patch
No auth needed
Prerequisites: Local access to the target system · Unpatched Windows 2000/XP system
devstral-2 · analyzed Feb 19, 2026

exploitdb · WORKING POC
c · local · windows
https://www.exploit-db.com/exploits/3688

This exploit demonstrates a local privilege escalation (LPE) vulnerability in Windows GDI (CVE-2006-5586) by manipulating the GDI table to overwrite a win32k.sys SSDT entry, allowing arbitrary kernel code execution. The PoC allocates memory at address 0x2, crafts a payload, and triggers the vulnerability via DeleteObject.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows XP SP2 (GDI)
No auth needed
Prerequisites: Local access to a vulnerable Windows XP SP2 system
devstral-2 · analyzed Feb 19, 2026

References (6)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1215
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/466186/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23277
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017846

Scores

EPSS 0.0118
EPSS Percentile 79.2%

Details

Status: published
Products (2): microsoft/windows_2000 · microsoft/windows_xp (3 CPE variants)
Published: Apr 04, 2007
Tracked Since: Feb 18, 2026