Описание
Windows PDF Remote Code Execution
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user.
If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The update addresses the vulnerabilities by modifying how Windows parses .pdf files.
FAQ
For my particular system and Microsoft Edge configuration, which update addresses the vulnerability discussed in CVE-2016-3201, CVE-2016-3203, or CVE-2016-3215? The vulnerabilities addressed by the updates for CVE-2016-3201, CVE-2016-3203, and CVE-2016-3215 released in MS16-068 are for systems running Microsoft Edge. These CVEs are also addressed for operating system components in MS16-080. MS16-068 and MS16-080 are addressed by this month’s cumulative Windows 10 update.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2012 | ||
| Windows 8.1 for 32-bit systems | ||
| Windows 8.1 for x64-based systems | ||
| Windows Server 2012 R2 | ||
| Windows 10 for 32-bit Systems | ||
| Windows 10 for x64-based Systems | ||
| Windows 10 Version 1511 for x64-based Systems | ||
| Windows 10 Version 1511 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
Уязвимость операционной системы Windows и браузера Microsoft Edge, позволяющая нарушителю выполнить произвольный код
EPSS