PT-2017-2383 · Microsoft · Windows+1

Published: 2017-06-13 · Updated: 2019-10-03 · CVE-2017-0292

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Windows versions 8.1, 10 (including 1511, 1607, 1703), and Windows Server versions 2012 (including Gold and R2), 2016
Microsoft Word versions 2013, 2016

Description

The issue is related to insufficient access control in Windows and Microsoft Word, allowing remote code execution when a user opens a specially crafted PDF file. This could enable an attacker to execute arbitrary code in the context of the current user. The exploitation involves enticing the user to open a malicious PDF file.

Recommendations

For Windows versions 8.1, 10 (including 1511, 1607, 1703), and Windows Server versions 2012 (including Gold and R2), 2016, update to a version that includes the fix for this issue. For Microsoft Word versions 2013, 2016, avoid opening specially crafted PDF files until a patch is applied. As a temporary workaround, consider restricting the use of PDF files from untrusted sources to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2017-01586
CVE-2017-0292
ZDI-17-397

Affected Products

Office Word
Windows