CVE-2017-0263
ENISA EUVD: EUVD-2017-0619 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
1 article
EPSS Score
Source: FIRST.org · 2026-05-24
20.29%
probability
This CVE has a 20.29% probability
of being exploited in the next 30 days.
0%
Top 95.6th percentile of all CVEs
100%
CVSS v3.1
Source: NVD7.8
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Project ZeroUse-after-free in win32k!xxxDestroyWindow
Affected Products
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
Google Project Zero
Patched
May 9, 2017
Reported by
Mikhail Tsvetkov of Positive Technologies, Dhanesh Kizhakkinan of FireEye Inc, Thomas Dupuy and Jessy Campos of ESET
Root Cause Analysis
???
Exploits & PoC
3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies
BleepingComputer
May 10, 2017
Signal Intelligence
Confidence
95%
EPSS
20.29%
CVSS v3.1
7.8
Mentions
1
Last Seen
May 10, 2017
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Threat Actors 1
Turla Group
apt_group
Information theft and espionage
Russian Federation
Triage Info
Decided atMar 05, 2026