CVE-2016-3319

HIGH

Microsoft Edge and Windows PDF Library - Remote Code Execution via Crafted PDF File

Title source: llm
STIX 2.1

Description

The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036561
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92293

Scores

CVSS v3 7.0
EPSS 0.1854
EPSS Percentile 96.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (7)
microsoft/edge
microsoft/windows_10
microsoft/windows_10 1511
microsoft/windows_10 1607
microsoft/windows_8.1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
Published Aug 09, 2016
Tracked Since Feb 18, 2026