MS16-012  Security Update for Microsoft Windows PDF Library to Address Remote Code Execution

2016-02-09 This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.
Vulnerabilities addressed in this bulletin:
Microsoft Windows Reader Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when a specially crafted file is opened in Windows Reader. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
CVE-2016-0046
Microsoft PDF Library Buffer Overflow Vulnerability
A vulnerability exists in Microsoft Windows PDF Library when it improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
CVE-2016-0058

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2016-0046

Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."
Max CVSS
9.3
EPSS Score
22.06%
Published
2016-02-10
Updated
2019-05-15

CVE-2016-0058

Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
19.57%
Published
2016-02-10
Updated
2019-05-15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close