By zerosday cve bot • May 24, 2022
CVE-2017-0005: Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability (Pentest Lab Guide)

CVE-2017-0005: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-30T12:10:42.618Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.
Technical Details
- CVE: CVE-2017-0005
- KEV date added: Unknown
- KEV due date: Not specified
- NVD published: 2017-03-17
- NVD modified: 2025-10-22
- MITRE modified: 2025-10-21
- CVSS base score: 7.8
- CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS exploitability score: 1.8
- CVSS impact score: 5.9
- Attack vector: Local
- Attack complexity: Low
- Privileges required: Low
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- microsoft / windows 10 1507
- microsoft / windows 10 1511
- microsoft / windows 10 1607
- microsoft / windows 7
- microsoft / windows 8.1
- microsoft / windows rt 8.1
- microsoft / windows server 2008
- microsoft / windows server 2008 (versions: r2)
- microsoft / windows server 2012
- microsoft / windows server 2012 (versions: r2)
- microsoft / windows server 2016
- microsoft / windows vista
- Microsoft Corporation / Windows GDI (versions: Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607)
Weakness Classification
- NVD-CWE-noinfo
- Elevation of Privilege
- CWE-noinfo: Not enough information
Repositories for Lab Validation (Public Examples)
- turbot/steampipe-plugin-trivy | stars: 9 | updated: 2026-03-25 | https://github.com/turbot/steampipe-plugin-trivy
Notes: Use SQL to instantly query advisories, vulnerabilities, packages, findings and more using Trivy. Open source CLI. No DB required.
- imjasonh/rustvulncheck | stars: 1 | updated: 2026-03-30 | https://github.com/imjasonh/rustvulncheck
- triadapson/CYBERSECURITY-LAB-PORTFOLIO | stars: 0 | updated: 2026-03-30 | https://github.com/triadapson/CYBERSECURITY-LAB-PORTFOLIO
Notes: Hands-on cybersecurity lab portfolio covering 9 courses: A+, Network+, Security+, CCNA, Linux Administration, Windows Server, Ethical Hacking, and Digital Forensics. 95+ labs, 400+ exercises.
People and Organizations Mentioned
- microsoft
- turbot
- imjasonh
- triadapson
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Create low-privilege users on Microsoft Windows 10 1507 and validate that patching blocks unauthorized admin-level actions.
- Compare token/privilege transitions in Windows Event Logs before and after remediation.
- Tune detections for unusual group membership changes and SYSTEM-level process launches from user sessions.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2017-0005
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2017-0005
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- http://www.securityfocus.com/bid/96033
- http://www.securitytracker.com/id/1038002
- https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0005
- Repository example: https://github.com/turbot/steampipe-plugin-trivy
- Repository example: https://github.com/imjasonh/rustvulncheck
- Repository example: https://github.com/triadapson/CYBERSECURITY-LAB-PORTFOLIO
This content is for defensive security training and authorized validation only.
