CVE-2016-3374

high-risk
Published 2016-09-14

The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.

Do I need to act?

!
32.3% chance of exploitation in next 30 days
EPSS score — higher than 68% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (8)

Affected Vendors

Microsoft

References (12)

http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-...
http://srcincite.io/advisories/src-2016-39/
http://www.securityfocus.com/bid/92838
http://www.securitytracker.com/id/1036789
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-10...
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11...
http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-...
http://srcincite.io/advisories/src-2016-39/
http://www.securityfocus.com/bid/92838
http://www.securitytracker.com/id/1036789
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-10...
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11...
54
/ 100
high-risk
Severity 24/34 · High
Exploitability 16/34 · Moderate
Exposure 14/34 · Moderate