PT-2017-2930 · Microsoft · Windows Server 2016 and 6 other affected products (see Affected Products below)
Published 2017-09-12 · Updated 2017-09-21 · CVE-2017-8737
CVSS v2.0 base score: 7.6 (High); vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows PDF Library as shipped with Windows 8.1, Windows 10 (Gold, 1511, 1607 and 1703), Windows Server 2012 and Windows Server 2016
Description
A memory-corruption flaw in the way the Windows PDF Library handles objects in memory allows an attacker to execute arbitrary code in the context of the current user. On Windows 10 it can be triggered by visiting a specially crafted website in Microsoft Edge, which renders PDF content with the vulnerable library; on the other affected systems, by opening a specially crafted PDF document. Because the code runs with the victim's privileges, a user logged on with administrative rights hands the attacker full control of the system: installing programs; viewing, changing or deleting data; or creating new accounts with full user rights. For an unprivileged account the impact is confined to that user's context.
Recommendations
For Windows 8.1, install the Microsoft security update that addresses CVE-2017-8737.
For Windows 10 Gold, 1511, 1607 and 1703, and for Windows Server 2016, install the corresponding cumulative security update that addresses CVE-2017-8737; apply the matching update on Windows Server 2012 as well, since it is listed as affected.
Where the update cannot be applied immediately, reduce exposure as a temporary workaround: on Windows 10, restrict or avoid the use of Microsoft Edge for untrusted websites, since Edge renders PDF content with the vulnerable library; on all affected systems, restrict handling of PDF files.
Do not open PDF documents from untrusted sources until the update is installed. A workaround only narrows the attack surface; the vendor update is the only complete fix.
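To put the recommendations above into practice on a fleet, an operator first needs to know which hosts are still exposed and which still route PDFs through Edge. The following PowerShell triage script is an added example and not part of the PT-2017-2930 advisory or Microsoft's guidance. It assumes that the Windows PDF Library ships as Windows.Data.Pdf.dll under System32, that Edge registers its .pdf file association under a packaged-app ProgId beginning with "AppX", and, because the advisory cites no KB numbers, it lists updates installed on or after the publish date for the operator to match against the vendor's release notes rather than hard-coding a KB.

```powershell
# Added example (not from the advisory): triage one host for CVE-2017-8737 exposure.
# Assumptions are marked inline; run in an elevated PowerShell session on the target host.

# 1. Platform: the advisory names Windows 8.1, Windows 10 Gold/1511/1607/1703,
#    Windows Server 2012 and Windows Server 2016.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host ("OS: {0} (build {1})" -f $os.Caption, $os.BuildNumber)

# ReleaseId identifies the Windows 10 feature release (1511, 1607, 1703, ...);
# it is absent on older builds, so the lookup is tolerant of a missing value.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -ErrorAction SilentlyContinue
if ($cv -and $cv.ReleaseId) { Write-Host "Windows 10 release: $($cv.ReleaseId)" }

# 2. Windows PDF Library binary. ASSUMPTION: it lives at System32\Windows.Data.Pdf.dll.
#    The file version is reported for comparison with the fixed build in the update notes.
$pdfDll = Join-Path $env:SystemRoot 'System32\Windows.Data.Pdf.dll'
if (Test-Path $pdfDll) {
    $ver = (Get-Item $pdfDll).VersionInfo.FileVersion
    Write-Host "Windows.Data.Pdf.dll file version: $ver"
} else {
    Write-Host "Windows.Data.Pdf.dll not found; the Windows PDF Library may not be present on this host"
}

# 3. Updates installed on or after the advisory's publish date (2017-09-12).
#    The page gives no KB number, so the operator matches these against the vendor notes.
$cutoff = Get-Date '2017-09-12'
$recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $cutoff } | Sort-Object InstalledOn
if ($recent) {
    Write-Host "Updates installed since ${cutoff}:"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Host "No updates installed since $cutoff; treat this host as unpatched for CVE-2017-8737"
}

# 4. Workaround status: which application is the current user's default .pdf handler?
#    ASSUMPTION: Microsoft Edge registers a packaged-app ProgId starting with 'AppX';
#    a classic desktop viewer registers a plain ProgId (e.g. 'AcroExch.Document.DC').
$uc = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice' -ErrorAction SilentlyContinue
if ($uc -and $uc.ProgId) {
    if ($uc.ProgId -like 'AppX*') {
        Write-Host "Default .pdf handler '$($uc.ProgId)' is a packaged app (likely Microsoft Edge): PDFs are rendered by the Windows PDF Library on this host"
    } else {
        Write-Host "Default .pdf handler '$($uc.ProgId)' is a desktop viewer; Edge is not the PDF handler for this user"
    }
} else {
    Write-Host "No per-user .pdf UserChoice set; the system default handler applies"
}
```

The script only reports; it changes nothing. Because Edge on Windows 10 can also be reached through a crafted website without any .pdf file association being involved, a desktop viewer as the default handler narrows but does not remove the exposure, which is why step 3 (the update) is the result that matters.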
Fix · RCE · Buffer Overflow
Affected Products
Edge
Windows
Windows 10
Windows 8.1
Windows PDF Library
Windows Server 2012
Windows Server 2016