PT-2017-1466 · Microsoft · Windows Server 2012 R2+6

Published: 2017-03-14 · Updated: 2018-10-17 · CVE-2017-0023

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Edge (affected versions not specified)
Windows 8.1
Windows Server 2012 and R2
Windows RT 8.1
Windows 10 versions 1511 through 1607

Description

The issue is a buffer overflow in the Windows PDF library that allows remote attackers to execute arbitrary code via a crafted PDF file. This could enable an attacker to take control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights, especially if the current user has administrative privileges.

Recommendations

For Windows 8.1, consider restricting access to PDF files from untrusted sources until a patch is available.
For Windows Server 2012 and R2, restrict the use of the PDF library to minimize the risk of exploitation.
For Windows RT 8.1, avoid opening PDF files from unknown sources in Microsoft Edge.
For Windows 10 versions 1511 through 1607, as a temporary workaround, consider disabling the PDF library in Microsoft Edge until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2017-00606
CVE-2017-0023

Affected Products

Edge
Windows
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2