Endpoint Vulnerability

Microsoft: Word PDF Remote Code Execution Vulnerability

Description

A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user. To exploit the vulnerability, an attacker must entice the user to open a specially crafted PDF file. The update addresses the vulnerability by modifying how Microsoft Word parses PDF files.

Affected Products

Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions,Microsoft Word 2013 Service Pack 1 (32-bit editions),Microsoft Word 2013 RT Service Pack 1,Microsoft Word 2016 x86,Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions,Microsoft Word 2013 Service Pack 1 (64-bit editions),Microsoft Word 2016 x64

References

,