fkie_cve-2006-5758
Vulnerability from fkie_nvd
Published
2006-11-06 20:07
Modified
2025-04-09 00:30
Severity
Summary
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
References
Impacted products
Vendor | Product | Version
---|---|---
microsoft | windows_2000 | *
microsoft | windows_xp | *
microsoft | windows_xp | *
microsoft | windows_xp | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", matchCriteriaId: "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", matchCriteriaId: "74EE55A2-6020-4591-9F15-80E57D19207C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", matchCriteriaId: "9B339C33-8896-4896-88FF-88E74FDBC543", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", matchCriteriaId: "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.", }, { lang: "es", value: "El Graphics Rendering Engine en Microsoft Windows 2000 hasta 2000 SP4 y Windows XP hasta SP2 mapea estructuras del núcleo GDI en una sección de memoria global compartida que está mapeada con permisos de sólo lectura, pero puede ser remapeada por otros procesos como lectura-escritura, lo cual permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída) y ganar privilegios modificando las estructuras del núcleo.", }, ], id: "CVE-2006-5758", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", 
version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-11-06T20:07:00.000", references: [ { source: "cve@mitre.org", url: "http://kernelwars.blogspot.com/2007/01/alive.html", }, { source: "cve@mitre.org", url: "http://projects.info-pull.com/mokb/MOKB-06-11-2006.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22668", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017168", }, { source: "cve@mitre.org", url: "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/466186/100/200/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/466186/100/200/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/20940", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2006/4358", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1215", }, { source: "cve@mitre.org", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30042", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2056", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kernelwars.blogspot.com/2007/01/alive.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://projects.info-pull.com/mokb/MOKB-06-11-2006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22668", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/466186/100/200/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/466186/100/200/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/20940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2006/4358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2056", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }