Vulnerability Details : CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Vulnerability category: OverflowExecute code

Published 2017-06-22 14:29:00

Updated 2019-10-24 15:15:31

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-0176

Probability of exploitation activity in the next 30 days: 82.62%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-0176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	[email protected]
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-0176

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: [email protected] (Primary)

References for CVE-2017-0176

https://support.microsoft.com/en-us/help/4022747/security-update-for-windows-xp-and-windows-server-2003

Patch;Vendor Advisory
https://blog.fortinet.com/2017/05/11/deep-analysis-of-esteemaudit

Exploit;Third Party Advisory
http://www.securityfocus.com/bid/98752

Third Party Advisory;VDB Entry
https://blog.0patch.com/2017/06/a-quick-analysis-of-microsofts.html
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

Patch;Vendor Advisory
http://www.securityfocus.com/bid/98550

Third Party Advisory;VDB Entry

Products affected by CVE-2017-0176

Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1
cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions