7.6

CVE-2017-0293

Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 10 Version-
   MicrosoftEdge
MicrosoftWindows 10 Version1511
   MicrosoftEdge
MicrosoftWindows 10 Version1607
   MicrosoftEdge
MicrosoftWindows 10 Version1703
   MicrosoftEdge
MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftEdge
MicrosoftWindows Server 2012 Versionr2
   MicrosoftEdge
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 22.53% 0.957
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/100039
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039092
Third Party Advisory
VDB Entry