PT-2016-1172 · Microsoft · Windows 8.1+4
Jaanus · Published 2016-02-09 · Updated 2019-05-15
CVE-2016-0046
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Windows Reader versions in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10
Description
The issue is related to insufficient data validation in the Windows Reader component, allowing remote attackers to execute arbitrary code via a crafted Reader file. This could enable an attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights, especially if the user is logged on with administrative user rights. Users with fewer user rights on the system may be less impacted.
Recommendations
For Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10, consider disabling the Windows Reader component until a patch is available to prevent exploitation. Restrict access to specially crafted Reader files to minimize the risk of arbitrary code execution. Avoid opening untrusted or specially crafted files in Windows Reader until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Insufficient Verification of Data Authenticity
Related identifiers
Affected products
Windows
Windows 10
Windows 8.1
Windows Reader
Windows Server 2012