Windows PDF Information Disclosure Vulnerability in Microsoft Products
CVE-2017-8460

7.3HIGH

Key Information:

Vendor

Microsoft
Status
Windows PDF
Vendor
CVE Published:
15 June 2017

What is CVE-2017-8460?

The vulnerability in Windows PDF allows an attacker to exploit a specifically crafted PDF file, leading to potential information disclosure. This can jeopardize sensitive data and privacy for users across several Windows operating systems, including versions of Windows 8.1 and Windows Server 2016. Users and system administrators must ensure that appropriate mitigations are in place to prevent unauthorized access to sensitive information.

Affected Version(s)

Windows PDF Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

References

http://www.securityfocus.com/bid/98887
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038678
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.