Vulnerability Protection

Vulnerabilities in Microsoft Graphics Components Could Allow Remote Code Execution


Report ID:


Date Published:

15 March 2017

Date Revised:



Compromise Type:

Remote code execution, escalation of privilege, information disclosure

Compromise From:


Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Microsoft Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016


Multiple vulnerabilities found in Microsoft graphics components could, if successfully exploited, lead to remote code execution, escalation of privilege, and information disclosure. 

Detailed Description

Microsoft has issued a security update to address multiple vulnerabilities that affect Microsoft Graphics Component. Out of the twelve vulnerabilities in total, four were escalation of privilege vulnerabilties that could allow an attacker to run arbitrary code in kernel mode. They were caused by an error in the way that Windows Graphics Device Interface (GDI) handles objects in memory. 

Six of the other vulnerabilities could allow information disclosure upon successful exploitation. They were caused by improper disclosure of the contents in Windows GDI components' memory, improper handling of memory by Windows GDI, and improper handling of memory by Color Management Module (ICM32.dll). 

The remaining two vulnerabilities were remote code execution vulnerabilities caused by Windows Graphics Component's failure to properly handle objects in memory. All of the issues mentioned above have been rectified in the latest security update by introducing corrective modifications on applicable components. 

CVE Reference

CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047, CVE-2017-0038, CVE-2017-0060, CVE-2017-0062, CVE-2017-0073, CVE-2017-0061, CVE-2017-0063, CVE-2017-0108, CVE-2017-0014


Install the latest security patch for applicable system, available for download from


Microsoft Security Bulletin MS17-013