Microsoft Windows Arbitrary Code Execution VulnerabilitySeptember 11, 2018 pm30 10:30 pm

A vulnerability in the image file loading functionality in Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists because the affected software improperly handles embedded fonts. An attacker could exploit the vulnerability by persuading a user to access a file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and compromise the system completely.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-8475

%d bloggers like this: