CVE-2016-3203 — Improper Input Validation in Microsoft Windows 10

CWE-20 — Improper Input Validation7 documents4 sources

Severity

7.8HIGHNVD

EPSS

49.2%

top 2.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2012 Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems +11 more

Timeline

PublishedJun 16

Latest updateMay 14

Description

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_x64-based_systems

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-qh3v-9g3g-rrf5: Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows PDF Information Disclosure Vulnerability↗2016-06-14

▶

Microsoft

Windows PDF Information Disclosure Vulnerability↗2016-06-14

▶

Microsoft

Windows PDF Remote Code Execution↗2016-06-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶