{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:57:38.672","vulnerabilities":[{"cve":{"id":"CVE-2017-0038","sourceIdentifier":"secure@microsoft.com","published":"2017-02-20T16:59:00.143","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220."},{"lang":"es","value":"gdi32.dll en Graphics Device Interface (GDI) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, y Windows 10 Gold, 1511 y 1607 permite a atacantes remotos obtener información sensible de la memoria dinámica de proceso a través de un archivo EMF manipulado, como demostrado por un registro EMR_SETDIBITSTODEVICE con dimensiones Device Independent Bitmap (DIB) modificadas. NOTA: esta vulenrabilidad existe por un arreglo incompleto de la CVE-2016-3216, CVE-2016-3219 y/o CVE-2016-3220."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*","matchCriteriaId":"232581CC-130A-4C62-A7E9-2EC9A9364D53"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*","matchCriteriaId":"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*","matchCriteriaId":"7519928D-0FF2-4584-8058-4C7764CD5671"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*","matchCriteriaId":"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*","matchCriteriaId":"197E82CB-81AF-40F1-A55C-7B596891A783"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0C28897B-044A-447B-AD76-6397F8190177"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*","matchCriteriaId":"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","matchCriteriaId":"AF6437F9-6631-49D3-A6C2-62329E278E31"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0A0D2704-C058-420B-B368-372D1129E914"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96023","source":"secure@microsoft.com"},{"url":"http://www.securitytracker.com/id/1037845","source":"secure@microsoft.com"},{"url":"https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html","source":"secure@microsoft.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=992","source":"secure@microsoft.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038","source":"secure@microsoft.com"},{"url":"https://www.exploit-db.com/exploits/41363/","source":"secure@microsoft.com"},{"url":"http://www.securityfocus.com/bid/96023","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037845","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=992","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41363/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}