PT-2017-2952 · Microsoft · Windows Server 2016+7
Published: 2017-09-12 · Updated: 2017-09-21
CVE-2017-8728
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows PDF Library versions prior to the fixed version
Windows 8.1 and Windows RT 8.1
Windows Server 2012 and R2
Windows 10 Gold, 1511, 1607, 1703
Windows Server 2016
Description
The issue stems from incorrect handling of objects in memory by the Windows PDF Library, which can allow a remote attacker to execute arbitrary code in the context of the current user. It can be exploited when a user visits a specially crafted website using the Microsoft Edge browser on Microsoft Windows 10, or opens a specially crafted PDF document on other affected operating systems. If the current user has administrative rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations
For Windows 8.1 and Windows RT 8.1, update to a newer version that contains a fix for this issue.
For Windows Server 2012 and R2, update to a newer version that contains a fix for this issue.
For Windows 10 Gold, 1511, 1607, 1703, update to a newer version that contains a fix for this issue.
For Windows Server 2016, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider avoiding the use of the Microsoft Edge browser to open PDF documents from untrusted sources until a patch is available.
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Edge
Windows
Windows 10
Windows 8.1
Windows PDF Library
Windows RT 8.1
Windows Server 2012
Windows Server 2016