September 20, 2018 | Simon Zuckerbraun
Today, we are releasing additional information regarding a bug report that has exceeded the 120-day disclosure timeline. More details on this process can be found here in our disclosure policy.
An out-of-bounds (OOB) write in the Microsoft JET Database Engine that could allow remote code execution was initially reported to Microsoft on May 8, 2018. An attacker could leverage this vulnerability to execute code under the context of the current process, however it does require user interaction since the target would need to open a malicious file. As of today, this bug remains unpatched.
Full Article.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software