CVE-2017-0292

Опубликовано: 15 июн. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Средний

Описание

Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291.

Ссылки

http://www.securityfocus.com/bid/98836
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038678
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98836
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038678
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*

cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.28434

Средний

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-0292

CVSS3: 3.6

msrc

около 8 лет назад

Windows PDF Remote Code Execution Vulnerability

GHSA-hvhc-4cj4-9j3j