|CERT-In Vulnerability Note
Remote Code Execution Vulnerability in Microsoft Windows
Original Issue Date:March 15, 2017
Severity Rating: HIGH
- Microsoft Windows PDF Library
- Microsoft Windows 8.1 for 32-bit and x64-based Systems
- Microsoft Windows 10 for 32-bit and x64-based Systems
- Microsoft Windows 10 Version 1511 for 32-bit and x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit and x64-based Systems
- Microsoft Windows RT 8.1
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 x64-based Systems
A vulnerability has been reported in Microsoft Windows PDF Library, which could be exploited by a remote attacker to execute arbitrary code.
This vulnerability exists due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by convincing users to open a specially crafted PDF document by way of an enticement in an email or instant message or by way of an email attachment or by hosting a specially crafted website that contains malicious PDF content.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the currently logged-in user to gain all his privileges.
Apply appropriate fix as mentioned in the given link:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003