This issue has been assigned a CVE ID – CVE-2018-5124. The attack vector for this vulnerability is through consumption of a malicious .dwf or .pct file through DesignReview.exe process.
In order to exploit this vulnerability, an attacker would have to supply a specially crafted .dwf or .pct file which could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-5124.
The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5125: Microsoft Edge Memory corruption vulnerability in EdgeHTML in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5126: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5127: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5128: Microsoft Office Microsoft Office software could allow an attacker to
Microsoft Word and Excel
Memory corruption vulnerability in Microsoft Word and Microsoft Excel could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5129: Microsoft Office Memory corruption vulnerability in Microsoft Office software could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
CVE-2018-5130: Microsoft Office Memory corruption vulnerability in Microsoft Office software could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.
Timeline
Published on: 10/21/2022 16:15:00 UTC
Last modified on: 10/24/2022 14:08:00 UTC