PT-2020-2844 · Microsoft · Windows Pdf Library
Published: 2020-05-12 · Updated: 2021-07-21
CVE-2020-1096
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Edge PDF Reader (affected versions not specified)
Microsoft Windows PDF Library (affected versions not specified)
Description
A remote code execution issue exists due to improper handling of objects in memory by the Microsoft Edge PDF Reader and the Microsoft Windows PDF Library. This could allow an attacker to execute arbitrary code in the context of the current user by exploiting the vulnerability with a specially crafted Microsoft PDF file. If the current user has administrative rights, an attacker could gain control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations
For Microsoft Edge PDF Reader, update to a version that properly handles objects in memory to prevent remote code execution.
For Microsoft Windows PDF Library, apply the necessary patches or updates to fix the DirectWrite Use-After-Free issue and prevent remote code execution.
As a temporary workaround, consider restricting the use of the Microsoft Edge PDF Reader and the Microsoft Windows PDF Library until a patch is available.
Fix
Buffer Overflow
Affected Products
Edge
Edge Pdf Reader
Windows Pdf Library