This issue has been assigned a CVE ID – CVE-2018-5124. The attack vector for this vulnerability is through consumption of a malicious .dwf or .pct file through DesignReview.exe process.
In order to exploit this vulnerability, an attacker would have to supply a specially crafted .dwf or .pct file which could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-5124.
The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5125: Microsoft Edge Memory corruption vulnerability in EdgeHTML in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5126: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5127: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5128: Microsoft Office Microsoft Office software could allow an attacker to
Windows 10 Software Update Notifications Vulnerability
This issue has been assigned a CVE ID – CVE-2018-6574. The attack vector for this vulnerability is through consumption of a malicious .dwf file through DesignReview.exe process.
In order to exploit this vulnerability, an attacker would have to supply a specially crafted .dwf file which could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-6574.
The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
New Add-on Warnings for Microsoft Office
The Microsoft Office team is continually updating their software to provide the best level of protection for all users. One of the new features being released by Microsoft are add-on warnings that will be added to the Microsoft Office software if an add-in fails one of several tests. These new warnings assist users in finding out which files they should avoid opening or downloading.
Microsoft Office
Memory corruption vulnerability in Microsoft Office
This issue has been assigned a CVE ID – CVE-2018-5128. The attack vector for this vulnerability is through consumption of a malicious .swd file through Microsoft Word process.
In order to exploit this vulnerability, an attacker would have to supply a specially crafted .swd file which could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-5128.
The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
Timeline
Published on: 10/21/2022 16:15:00 UTC
Last modified on: 10/24/2022 14:21:00 UTC