CVE-2017-0023 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation PDF
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer30 documents5 sources
Severity
7.5HIGHNVD
EPSS
22.4%
top 4.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 17
Latest updateMay 14
Description
The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages14 packages
Patches
🔴Vulnerability Details
1💥Exploits & PoCs
21Exploit-DB▶
Microsoft Windows - 'USP10!SubstituteNtoM' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23
Exploit-DB▶
Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23
Exploit-DB▶
Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23
Exploit-DB▶
Microsoft Windows - 'USP10!otlSinglePosLookup::getCoverageTable' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23
Exploit-DB▶
Microsoft Windows - 'USP10!otlReverseChainingLookup::apply' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23