Remote Code Execution Vulnerability in Microsoft Windows PDF Library
CVE-2017-8737

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Windows PDF Library
Vendor
CVE Published:
13 September 2017

Summary

The Windows PDF Library in multiple Microsoft Windows versions contains a vulnerability that allows attackers to execute arbitrary code within the context of the current user. This issue arises from improper handling of objects in memory, presenting a risk to systems where the library is utilized. Users and administrators are advised to apply necessary patches or upgrades to safeguard against potential exploits.

Affected Version(s)

Microsoft Windows PDF Library Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039327
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/100749
vdb-entryx_refsource_BID

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.