CVE-2017-8460
published 2017-06-15
CVE-2017-8460: Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information…
Priority P4 · 34 · high · 7.3 · CVSS 3.0
AV:L / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
EPSS: 3.31% (87.0th percentile)
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_pdf | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
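| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 3.3 | LOW | — |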
Microsoft
Windows PDF Information Disclosure Vulnerability
vendor_msrc·2017-06-13·CVSS 3.3
CVE-2017-8460 [HIGH] Windows PDF Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could read memory in the context of the current user.
To exploit the vulnerability, an attacker would have to trick the user into opening the PDF file.
The update addresses the vulnerability by modifying how Windows parses PDF files.
Microsoft Windows PDF: Microsoft Windows PDF
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Unlikely; Older Software Release: Exploitation Unlikely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4022725
Reference: https://catalog.
GHSA
GHSA-rmch-2qfg-mw32: Windows PDF in Windows 8
ghsa_unreviewed·2022-05-13
CVE-2017-8460 [HIGH] CWE-200 GHSA-rmch-2qfg-mw32: Windows PDF in Windows 8
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/98887
http://www.securitytracker.com/id/1038678
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8460
Published: 2017-06-15