Remote Code Execution Vulnerability in Microsoft Windows PDF Library
CVE-2017-8728

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Windows PDF Library
Vendor
CVE Published:
13 September 2017

Summary

The Microsoft Windows PDF Library is vulnerable to a remote code execution issue that arises from improper handling of objects in memory. An attacker could exploit this flaw via specially crafted PDF files to execute arbitrary code with the privileges of the current user. Affected systems include several versions of Windows, potentially putting users at risk of system compromise if malicious PDFs are accessed. Regular updates and patches are recommended to mitigate these security risks.

Affected Version(s)

Microsoft Windows PDF Library Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.

References

http://www.securityfocus.com/bid/100739
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039327
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

34% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.