This issue has been assigned a CVE ID – CVE-2018-5124. The attack vector for this vulnerability is through consumption of a malicious .dwf or .pct file through DesignReview.exe process.
In order to exploit this vulnerability, an attacker would have to supply a specially crafted .dwf or .pct file which could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-5124.
The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5125: Microsoft Edge Memory corruption vulnerability in EdgeHTML in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5126: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5127: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5128: Microsoft Office Microsoft Office software could allow an attacker to
Microsoft Office Software
Microsoft Office software could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5129: Microsoft Word Memory corruption vulnerability in Microsoft Word in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to open a specially crafted document or visit a malicious web page. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5130: Expression Web Memory corruption vulnerability in Expression Web in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to open a specially crafted document or visit a malicious web page. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
Microsoft Office Vulnerabilities
In this blog post, we will explore the CVE vulnerabilities that were identified by Microsoft on July 12th. These vulnerabilities affect Microsoft Office software and could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website.
The update for these issues has been released and can be downloaded from the Microsoft Update Catalog.
Timeline
Published on: 10/21/2022 16:15:00 UTC
Last modified on: 10/24/2022 14:22:00 UTC