CVE-2018-0824

Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability

Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.

Vendor/Product: Microsoft Windows

Added to CISA KEV: 2024-08-05

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Category: Vulnerability, Known Exploited