ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-21298.

freeipa-4.12.2-3.fc40

FEDORA-2025-6baf694c75 Packages in this update: freeipa-4.12.2-3.fc40 Update description: CVE-2024-11029 Release note: https://www.freeipa.org/release-notes/4-12-3.html Read More

January 15, 2025

freeipa-4.12.2-7.fc41

FEDORA-2025-b21777d1b5 Packages in this update: freeipa-4.12.2-7.fc41 Update description: CVE-2024-11029 Release note: https://www.freeipa.org/release-notes/4-12-3.html Read More

January 15, 2025

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the...

January 15, 2025

git-lfs-3.6.1-1.fc41

FEDORA-2025-1de066b8af Packages in this update: git-lfs-3.6.1-1.fc41 Update description: Update to latest version Fix CVE-2024-53263 Read More

January 15, 2025

git-lfs-3.6.1-1.fc40

FEDORA-2025-50deb0acd5 Packages in this update: git-lfs-3.6.1-1.fc40 Update description: Update to latest version Fix CVE-2024-53263 Read More

January 15, 2025

Multi-Cloud Adoption Surges Amid Rising Security Concerns

Chinese PlugX Malware Deleted in Global Law Enforcement Operation

Illicit Crypto-Inflows Set to Top $51bn in a Year

Phishing False Alarm

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

Secureworks Exposes North Korean Links to Fraudulent Crowdfunding

Microsoft Patches Eight Zero-Days to Start the Year

Microsoft: Happy 2025. Here’s 161 Security Updates

Upcoming Speaking Engagements

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

freeipa-4.12.2-3.fc40

freeipa-4.12.2-7.fc41

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

git-lfs-3.6.1-1.fc41

git-lfs-3.6.1-1.fc40