Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-0038

EPSS 80.46% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-0038

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。 Microsoft Windows中的Graphics Device Interface (GDI)的gdi32.dll文件存在安全漏洞。远程攻击者可借助特制的EMF文件利用该漏洞获取进程堆内存的敏感信息。以下版本受到影响:Microsoft Windows Vista SP2版本,Windows Server 2008 SP2和R2 SP1版本,Windows 7 SP1版本,Windows 8.1版本,Win
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Microsoft CorporationWindows Graphics Component The Graphics Device Interface (GDI) component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 -

II. Public POCs for CVE-2017-0038

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/k0keoyo/CVE-2017-0038-EXP-C-JSPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-0038

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Windows Graphics Component
Same vendor: Microsoft Corporation

V. Comments for CVE-2017-0038

No comments yet

Leave a comment