CVE-2006-5586

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

Published: Apr 4, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-5586
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_xp	-	-
microsoft / windows_2000	-	-

http://www.securityfocus.com/archive/1/466186/100/200/threaded
http://www.securityfocus.com/bid/23277
http://www.securitytracker.com/id?1017846
http://www.vupen.com/english/advisories/2007/1215
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385

Vulnerability Database

290,020

CVE-2006-5586