This issue has been assigned a CVE ID – CVE-2018-5124. The attack vector for this vulnerability is through consumption of a malicious .dwf or .pct file through DesignReview.exe process.

In order to exploit this vulnerability, an attacker would have to supply a specially crafted .dwf or .pct file which could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-5124.

The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

CVE-2018-5125: Microsoft Edge Memory corruption vulnerability in EdgeHTML in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

CVE-2018-5126: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

CVE-2018-5127: Microsoft Graphics Components Components in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

CVE-2018-5128: Microsoft Office Microsoft Office software could allow an attacker to

Microsoft Office Software Y-17-21

Microsoft Office software could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

CVE-2018-5129: Microsoft Office Microsoft Office software could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

CVE-2018-5130: Microsoft Windows kernel in Microsoft Windows 10 could allow an attacker to exploit this vulnerability by convincing a user to visit a specially crafted website. The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

Vulnerability statistics updated on: 09/01/2018

Microsoft Office Software

This issue has been assigned a CVE ID – CVE-2018-5128. The attack vector for this vulnerability is through consumption of a malicious document that could lead to memory corruption vulnerability. This issue has been assigned a CVE ID – CVE-2018-5128.

The update for this issue has been released and can be downloaded from the Microsoft Update Catalog.

Timeline

Published on: 10/21/2022 16:15:00 UTC
Last modified on: 10/24/2022 14:05:00 UTC

References