CVE-2016-0118

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Microsoft Windows 10 Gold and 1511

Description The issue exists due to insufficient input validation in the PDF library of the Windows operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code using a specially crafted PDF document. If successfully exploited, an attacker could cause arbitrary code to execute in the context of the current user. This could lead to an attacker taking control of the affected system, installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system.

Recommendations For Microsoft Windows 10 Gold and 1511, update to a newer version that contains a fix for this issue. For Microsoft Windows versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted PDF documents until a patch is available. Restrict access to the PDF library to minimize the risk of exploitation.