Microsoft CVE-2017-0023:
Microsoft PDF Memory Corruption
Vulnerability
A remote code execution vulnerability
exists when Microsoft Windows Exploit
PDF Library improperly handles objects
in memory. The vulnerability could
corrupt memory in a way that enables an
attacker to execute arbitrary code in
the context of the current user.
An attacker who successfully exploited
the vulnerability could gain the same
user rights as the current user. If the
current user is logged on with
administrative user rights, an attacker
could take control of an affected
system. An attacker could then install
programs; view, change, or delete data;
or create new accounts with full user
rights.
To exploit the vulnerability on All
Windows systems with Microsoft Edge set
as the default browser, an attacker
could host a specially crafted website
that contains malicious Exploit PDF
content and then convince users to view
the website.
The attacker could also take advantage of
compromised websites, or websites that
accept or host user-provided content or
advertisements, by adding specially
crafted Exploit PDF content to such
sites. Only Windows 10 systems with
Microsoft Edge set as the default
browser can be compromised simply by
viewing a website.
The browsers for all other affected
operating systems do not automatically
render Exploit PDF content, so an
attacker would have no way to force
users to view attacker-controlled
content.
Instead, an attacker would have to
convince users to open a specially
crafted PDF Exploit document, typically
by way of an enticement in an email or
instant message or by way of an email
attachment. The update addresses the
vulnerability by modifying how affected
systems handle objects in memory.