PT-2016-2570 · Microsoft · Windows+1

Published: 2016-08-09 · Updated: 2018-10-12 · CVE-2016-3319

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version
Microsoft Edge versions prior to the fixed version
Microsoft Windows 8.1
Microsoft Windows Server 2012 Gold and R2
Microsoft Windows 10 Gold and 1511

Description

The issue is related to the PDF library in Microsoft Windows and Microsoft Edge, which allows remote attackers to execute arbitrary code on the affected system via a crafted PDF file. This is due to insufficient access control in the PDF library. If the current user has administrative rights, an attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Windows 8.1, apply the fix for the Microsoft PDF Remote Code Execution Vulnerability.
For Microsoft Windows Server 2012 Gold and R2, apply the fix for the Microsoft PDF Remote Code Execution Vulnerability.
For Microsoft Windows 10 Gold and 1511, apply the fix for the Microsoft PDF Remote Code Execution Vulnerability.
For Microsoft Edge, apply the fix for the Microsoft PDF Remote Code Execution Vulnerability.

As a temporary workaround, consider restricting access to PDF files from untrusted sources until a patch is available.

Fix

RCE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2016-01962
CVE-2016-3319

Affected Products

Edge
Windows