CVE-2017-0293Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Windows PDF

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources
Severity
7.5HIGHNVD
EPSS
22.5%
top 4.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft Corporation Microsoft Windows PDFMicrosoft Windows 10Microsoft Windows Server 2008+17 more
Timeline
PublishedAug 8
Latest updateMay 17

Description

Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages19 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-692c-vj4g-4ghr: Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 82022-05-17

💥Exploits & PoCs

1
Exploit-DB
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One2017-05-09

📋Vendor Advisories

1
Microsoft
Windows PDF Remote Code Execution Vulnerability2017-08-08

🕵️Threat Intelligence

6
Talos
Microsoft Patch Tuesday - August 20172017-08-08
Qualys
August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe | Qualys2017-08-08
Qualys
August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe2017-08-08
Talos
Microsoft Patch Tuesday - August 20172017-08-08
Talos
Vulnerability Spotlight: WolfSSL library X.509 Certificate Text Parsing Code Execution Vulnerability2017-05-08