|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-10-14 | |
| Rule Name: | FILE-OTHER Microsoft Windows PDF Library Postscript Information Disclosure Vulnerability -2 (CVE-2016-3374) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability". | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows | |
| Reference: | http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html MicrosoftSecurityBulletin:MS16-105 MicrosoftSecurityBulletin:MS16-115 SecurityFocusBID:92838 |
|
| Solutions |
|---|
| Microsoft has released a patch MS16-105 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/security/bulletin/MS16-105 |