Remote Code Execution Vulnerability in Windows PDF Reader by Microsoft
CVE-2017-0292

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows PDF
Vendor
CVE Published:
15 June 2017

Summary

A vulnerability exists in the Windows PDF reader that allows an attacker to execute arbitrary code on a victim's system. This occurs when a user opens a specially crafted PDF file, enabling the potential for unauthorized access and control. Affected versions include various editions of Windows 10 and Windows Server environments. It is crucial for users to apply security updates from Microsoft to mitigate this risk and protect against potential exploitation.

Affected Version(s)

Windows PDF Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

References

http://www.securityfocus.com/bid/98836
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038678
vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.