Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (Microsoft)  >   Windows Kernel Vendors:   Microsoft
Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1017168
SecurityTracker URL:
CVE Reference:   CVE-2006-5758   (Links to External Site)
Updated:  Apr 3 2007
Original Entry Date:  Nov 7 2006
Impact:   Denial of service via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2000 SP4, XP SP2; and prior service packs
Description:   A vulnerability was reported in the Windows 2000 and XP kernels. A local user can gain kernel-level privileges.

A local user can remap read-only GDI kernel data structures as read-write and then overwrite the data structures, causing arbitrary code to be executed on the target system with kernel level privileges.

The vulnerability resides in the Windows Graphics Rendering Engine when processing WMF and EMF file types.

A local user can also cause exploit this flaw to cause the target system to crash.

The vendor was notified on October 22, 2004.

The original advisory is available at:

A demonstration exploit is available at:

Cesar Cerrudo discovered this vulnerability.

Impact:   A local user can obtain kernel level privileges on the target system or cause denial of service conditions on the target system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

Microsoft Windows XP Service Pack 2:

Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2:

A restart is required.

The Microsoft advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error, State error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC