CISA Adds Microsoft COM for Windows Bug to its Known Exploited Vulnerabilities Catalog
The vulnerability, tracked as CVE-2018-0824, arises from the deserialization of untrusted data. Microsoft warns that this flaw could lead to remote code execution if exploited by a specially crafted file or script.