PT-2017-2427 · Microsoft · Gpkcsp.Dll+2

Published

2017-06-22

Updated

2019-10-24

CVE-2017-0176

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions prior to SP3 Microsoft Windows Server 2003 versions prior to SP2

Description A buffer overflow in the Smart Card authentication code in gpkcsp.dll allows a remote attacker to execute arbitrary code on the target computer. This issue affects computers that are part of a Windows domain and have Remote Desktop Protocol connectivity or Terminal Services enabled.

Recommendations For Microsoft Windows XP versions prior to SP3, update to SP3 or a later service pack to resolve the issue. For Microsoft Windows Server 2003 versions prior to SP2, update to SP2 or a later service pack to resolve the issue.

Exploit

Fix

Buffer Overflow

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-284

Related Identifiers

BDU:2017-01632

CVE-2017-0176

Affected Products

Windows Server 2003

Windows Xp

Gpkcsp.Dll

PT-2017-2427 · Microsoft · Gpkcsp.Dll+2

CVE-2017-0176

Weakness Enumeration

Related Identifiers

Affected Products

References · 8