MSRC compact vulnerability detail

CVE-2025-49708 · Microsoft Graphics Component Elevation of Privilege Vulnerability

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.

Severity
Critical
Impact
Elevation of Privilege
CVSS
9.9 base · 8.6 temporal
Release
2025-10-14
Signals
Microsoft Graphics Component Elevation of Privilege
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation Less Likely
CWE
Description
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
FAQ / Articles
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ
How could an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by getting access to the local guest VM so they can attack the Host OS.
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
Compromising the host enables an attacker to impact other virtual machines running on the same host, even if those VMs are not directly vulnerable to this issue.
Microsoft Graphics Component Remote Code Execution Vulnerability
Use after free in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
Microsoft Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.