The vulnerability was used by the Zirconium cyber-espionage group against older versions of Windows.
Vulnerability details
Advisory: SB2017031505 - Multiple vulnerabilities in Microsoft Windows
Vulnerable component: Windows
CVE-ID: CVE-2017-0005
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Description:
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper handling of objects in memory by the Windows Graphics Device Interface (GDI). A local attacker can run a specially crafted application, gain elevated privileges and execute arbitrary code on the affected system.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Latest references in media:
- Right country, wrong group? Researchers say it wasn’t APT10 that hacked Norwegian software firm [2019-02-12 20:31:16]
- Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005 [2017-03-27 17:00:01]
- Microsoft’s New Security Update Guides Get Mixed Reviews [2017-05-11 21:01:05]
- Microsoft Offers Analysis of Zero-Day Being Exploited By Zirconium Group [2017-03-28 23:20:19]
- Microsoft Quietly Patched Windows Zero-Day Used in Attacks by Zirconium Group [2017-03-27 23:00:45]
- Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important [2017-03-15 08:40:18]
- Microsoft Patches Many Exploited, Disclosed Flaws [2017-03-14 20:10:13]
- Microsoft released 18 security bulletins, 9 rated critical, many bugs disclosed/exploited [2017-03-14 19:40:38]