Microsoft Windows PDF Library Remote Code Execultion Vulnerabilities

Last Update Date: 11 Feb 2016 12:23 Release Date: 11 Feb 2016 3092 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

Microsoft Windows Reader Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when a specially crafted file is opened in Windows Reader. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Microsoft PDF Library Buffer Overflow Vulnerability
A vulnerability exists in Microsoft Windows PDF Library when it improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user's system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.