An integer overflow or wraparound condition occurs in the Windows Win32K graphics subsystem, specifically the GRFX component, enabling an attacker who already has local authorization to gain higher privileges. The flaw is a combination of an integer overflow (CWE‑190) and a use‑after‑free (CWE‑416), which can corrupt memory or redirect execution flow during graphic processing. If successfully triggered, the attacker could execute code with elevated rights, allowing access to protected resources, installation of malware, or persistence mechanisms.

The vulnerability affects a broad range of Microsoft Windows operating systems, including Windows 10 (v1607, v1809, v21H2, v22H2), Windows 11 (v23H2, v24H2, v25H2, v22H3, v26H1), and multiple Windows Server releases (Server 2012, Server 2012 R2, Server 2016, Server 2019, Server 2022, Server 2025, and Server 23H2). Updated CPE identifiers confirm impact across both 32‑bit and 64‑bit architectures as well as ARM64 configurations where applicable.

The CVSS score of 7.8 indicates a high severity for a local privilege escalation scenario. Although the EPSS score is not available, the absence of a KEV listing suggests no known exploits in the wild at the time of assessment, but the local attack requirements mean that users with legitimate access could pose a moderate to high risk if the vulnerability is present. The attack vector is inferred to be a local authorized user executing crafted input that exploits the overflow in GRFX; the vulnerability does not allow remote exploitation.