CVE-2017-0005

HIGH KEV

Microsoft Windows - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2017-0005 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 24, 2022. EIP tracks 1 public exploit from researchers including sheri31.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2017-0005, targeting a vulnerability in the Windows GDI component. The code demonstrates memory corruption via crafted GDI function calls, leading to privilege escalation.

Description

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.

Exploits (1)

nomisec WORKING POC 1 stars

by sheri31 · local

https://github.com/sheri31/0005poc

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2017-0005, targeting a vulnerability in the Windows GDI component. The code demonstrates memory corruption via crafted GDI function calls, leading to privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Microsoft Windows (GDI component)

No auth needed

Prerequisites: Access to a vulnerable Windows system · Ability to execute arbitrary code

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96033

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038002

Exploit, Mitigation, Patch, Vendor Advisory x_refsource_confirm

https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0005

Scores

CVSS v3 7.8

EPSS 0.1102

EPSS Percentile 95.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-05-24

VulnCheck KEV 2017-03-14

InTheWild.io 2017-03-14

ENISA EUVD EUVD-2017-0372

Status published

Products (13)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1511 (2 CPE variants)

microsoft/windows_10_1607 (2 CPE variants)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

... and 3 more

Published Mar 17, 2017

KEV Added May 24, 2022

Tracked Since Feb 18, 2026