9.3
CVSSv2

CVE-2017-0176

Published: 22/06/2017 Updated: 05/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote malicious user to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Vulnerability Trend

Affected Products

Github Repositories

nvdnistgov/vuln/detail/CVE-2017-0176 wwwprocesslibrarycom/en/directory/files/gpkcsp/21601/

Recent Articles

Smominru Botnet Infected Over 500,000 Windows Machines
BleepingComputer • Catalin Cimpanu • 01 Feb 2018

Over 526,000 Windows computers —mainly Windows servers— have been infected with Monero mining software by a group that operates the biggest such botnet known to date.
This group's operations have been known to security researchers since last year, and various companies have published reports on its activity. Because the botnet is so massive and widespread, most previous reports covered only a fraction of the group's entire operation.
The most recent reports that have gotten to th...

Rare XP Patches Fix Three Remaining Leaked NSA Exploits
Threatpost • Michael Mimoso • 14 Jun 2017

The unusual decision Microsoft made to release patches on Tuesday for unsupported versions of Windows was prompted by three NSA exploits that remained unaddressed from April’s ShadowBrokers leak.
The worst of the bunch, an attack called ExplodingCan (CVE-2017-7269), targets older versions of Microsoft’s Internet Information Services (IIS) webserver, version 6.0 in particular, and enables an attacker to gain remote code execution on a Windows 2003 server.
All three attacks allow a...