CVE-2018-0824: Microsoft COM for Windows Deserialization of Untrusted Data
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.
- CISA KEV-listed (remediation due 2024-08-26)
- EPSS 91.5% (99.7th percentile)