CVE-2016-0117

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 8.1, 10 Gold, 10 1511, Windows Server 2012 Gold and R2, Windows RT 8.1

Description The issue allows remote attackers to execute arbitrary code via a crafted PDF document. This is due to insufficient input validation in the PDF library. An attacker who successfully exploits the issue could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows versions 8.1, 10 Gold, 10 1511, Windows Server 2012 Gold and R2, Windows RT 8.1, avoid opening specially crafted .pdf files until a patch is available. As a temporary workaround, consider restricting the use of the PDF library until a fix is provided. Restrict access to administrative user rights to minimize the risk of exploitation.