New Search

Microsoft Text-To-Speech Remote Code Execution Vulnerability - CVE-2018-8634

oval:org.cisecurity:def:5982

A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correcting how the Microsoft text-to-speech handles objects in the memory.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2018-8634
  • MSRC-CVE-2018-8634
  • KB4471323
  • KB4471321
  • KB4471327
  • KB4471329
  • KB4471324
  • KB4471332
Product(s):