Remote code execution in Microsoft Windows PDF Library
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-3319 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system Microsoft Edge Client/Desktop applications / Web browsers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Memory Corruption in Microsoft PDF library
EUVDB-ID: #VU278
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3319
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in Microsoft Windows PDF Library when parsing objects in memory. A remote attacker can create a specially crafted PDF file, trick a victim to open that file in browser or PDF reader, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.
Vulnerable software versionsWindows: 8.1 - 10
Windows Server: 2012 - 2012 R2
Microsoft Edge: All versions
External linkshttp://technet.microsoft.com/en-us/library/security/ms16-096.aspx
http://technet.microsoft.com/en-us/library/security/ms16-102.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
