Axis

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the `Graphics Drivers` component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue is related to a buffer overflow in the Intel Graphics Driver component of the operating system, which can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue involves the `kext tools` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the same results. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `kext tools` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue is related to the AppleGraphicsPowerManagement component and involves a buffer overflow in memory, allowing attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a specially crafted app. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.5 **Description** The issue is caused by a buffer overflow in the Intel Graphics Driver component of the operating system, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Graphics Drivers versions prior to 10.12.5 **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue is related to a buffer overflow on the stack in the Bluetooth component of the operating system, which can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue is related to the AppleRAID component and involves the use of memory after it has been freed. This can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service. The exploitation can be done via a specially crafted app. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AppleRAID component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue involves the `Bluetooth` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. This is related to a use-after-free error, which occurs when memory is accessed after it has been freed. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. As a temporary workaround, consider disabling the `Bluetooth` component until a patch is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows XP SP3 Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4 Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Professional SP4 Microsoft Message Queuing (MSMQ) service in Microsoft Windows XP SP2 Description: A stack-based buffer overflow issue exists in the Microsoft Message Queuing (MSMQ) service, allowing attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. This issue is remotely exploitable on Windows 2000 Server. The vulnerability occurs when the Message Queuing Service incorrectly validates input strings before passing them to a buffer. An attacker could exploit this by constructing a specially crafted MSMQ message, potentially allowing remote code execution on Microsoft Windows 2000 and local elevation of privilege on Windows XP. Recommendations: For Microsoft Windows 2000 Server SP4, consider disabling the MSMQ service until a patch is available. For Microsoft Windows 2000 Professional SP4, restrict access to the MSMQ service to minimize the risk of exploitation. For Microsoft Windows XP SP2, avoid using the MSMQ service in a local scenario until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ipswitch IMail Server versions 8.01 through 8.11 **Description** The issue is related to a heap-based buffer overflow in the iaspam.dll component of the SMTP Server. It can be triggered by remote attackers sending a set of four different e-mail messages with specific malformed elements in the header, including a long boundary parameter in the Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line. This allows attackers to execute arbitrary code. **Recommendations** For Ipswitch IMail Server versions 8.01 through 8.11, update to a version that includes a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the SMTP Server or implementing additional security measures to minimize the risk of exploitation.