Ben Hawkes

**Nome do software vulnerável e versões afetadas: Versões da API RKP anteriores à SMR JUN-2021 Release 1 Descrição: O problema está relacionado à validação incorreta de endereços na API RKP, permitindo que invasores locais com privilégios de root gravem na memória do kernel, que é somente de leitura. Isso pode ser explorado por invasores locais com privilégios de root. Recomendações: Para versões anteriores ao SMR JUN-2021 Release 1, atualize para o SMR JUN-2021 Release 1 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso à API RKP para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas: Versões do driver da NPU anteriores à SMR JUN-2021 Release 1 Descrição: Uma possível vulnerabilidade de gravação fora dos limites no driver da NPU permite a gravação arbitrária na memória. Recomendações: Para versões anteriores ao SMR JUN-2021 Release 1, atualize para o SMR JUN-2021 Release 1 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.2 **Description** The issue concerns the netfilter subsystem in the Linux kernel, which fails to validate certain offset fields. This allows local users to gain privileges or cause a denial of service, resulting in heap memory corruption, through an IPT SO SET REPLACE setsockopt call. **Recommendations** For Linux kernel versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.2 **Description** The issue is caused by an integer overflow in the `xt alloc table info` function in `net/netfilter/x tables.c` of the Linux kernel. This can be exploited by a local attacker to gain privileges or cause a denial of service, resulting in heap memory corruption. The exploitation occurs via an `IPT SO SET REPLACE` `setsockopt` call. **Recommendations** For Linux kernel versions prior to 4.5.2, update to a version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `setsockopt` call with the `IPT SO SET REPLACE` option to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 4.0 **Description** The issue is related to an integer overflow in the `aio setup single vector` function in `fs/aio.c`, which allows local users to cause a denial of service or possibly have other unspecified impacts via a large AIO iovec. This problem exists due to a regression of a previously fixed issue. **Recommendations** For Linux kernel version 4.0, consider applying a patch to fix the integer overflow in the `aio setup single vector` function to prevent potential denial of service or other unspecified impacts.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 7.1p2 **Description** The issue is related to the `ssh packet read poll2` function in the `packet.c` file, which allows remote attackers to cause a denial of service due to an out-of-bounds read and application crash via crafted network traffic. This is caused by a buffer overflow. **Recommendations** For OpenSSH versions prior to 7.1p2, update to version 7.1p2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ssh packet read poll2` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.16.2 **Description** The issue is related to an array index error in the `logi dj raw event` function in `drivers/hid/hid-logitech-dj.c`. This error allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid `kfree`) via a crafted device that provides a malformed `REPORT TYPE NOTIF DEVICE UNPAIRED` value. **Recommendations** For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `logi dj raw event` function in `drivers/hid/hid-logitech-dj.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.16.2 **Description** The issue allows physically proximate attackers to cause a denial of service via a crafted device that provides a small report descriptor, related to several drivers in the HID subsystem, including `hid-cherry.c`, `hid-kye.c`, `hid-lg.c`, `hid-monterey.c`, `hid-petalynx.c`, and `hid-sunplus.c`. **Recommendations** For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.16.2 **Description** The issue is related to a heap-based buffer overflow in the `logi dj ll raw request` function. This function is located in the `drivers/hid/hid-logitech-dj.c` file of the Linux kernel. The overflow can be triggered by a crafted device that specifies a large report size for an LED report, allowing physically proximate attackers to cause a denial of service, such as a system crash, or possibly execute arbitrary code. **Recommendations** For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `logi dj ll raw request` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1 Office 2007 SP3 and 2010 SP1 and SP2 Live Meeting 2007 Console Lync 2010 and 2013 Lync 2010 Attendee Lync Basic 2013 **Description** A remote code execution issue exists in the way GDI+ handles validation of specially crafted images. The issue could allow remote code execution if a user opens a specially crafted image. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with limited system rights are less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, update to a newer version to mitigate the risk. For Office 2007 SP3 and 2010 SP1 and SP2, update to a newer version to mitigate the risk. For Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of GDI+ until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2007 SP3 Office Compatibility Pack version SP3 **Description** The issue is related to errors that occur when processing specially crafted files, allowing a remote attacker to execute arbitrary code and gain full control of the system. This can result in the ability to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Word 2007 SP3, consider applying security updates or patches to resolve the issue. For Office Compatibility Pack SP3, apply the relevant security fix to prevent exploitation. As a temporary workaround, consider restricting the use of Microsoft Word and Office Compatibility Pack until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2003 SP3 through 2007 SP3 Office Compatibility Pack version SP3 Word Viewer (affected versions not specified) **Description** The issue is related to errors that occur when processing specially crafted files, allowing a remote attacker to execute arbitrary code and gain full control over the system. This can result in the attacker being able to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Word 2003 SP3, update to a version that is not affected by this issue. For Microsoft Word 2007 SP3, update to a version that is not affected by this issue. For Office Compatibility Pack SP3, update to a version that is not affected by this issue. For Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Office Compatibility Pack version SP3 Word Viewer (affected versions not specified) SharePoint Server versions 2010 SP1 and SP2 and 2013 Office Web Apps versions 2010 SP1 and SP2 Office Web Apps Server version 2013 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Office document. This is due to errors that occur when processing specially crafted files, enabling a remote attacker to execute arbitrary code. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Word versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that is not affected by this issue. For Office Compatibility Pack version SP3, update to a version that is not affected by this issue. For Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SharePoint Server versions 2010 SP1 and SP2 and 2013, update to a version that is not affected by this issue. For Office Web Apps versions 2010 SP1 and SP2, update to a version that is not affected by this issue. For Office Web Apps Server version 2013, update to a version that is not affected by this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Office versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Office for Mac version 2011 Excel Viewer (affected versions not specified) Office Compatibility Pack version SP3 Excel Services and Word Automation Services in SharePoint Server version 2013 **Description** A remote code execution issue exists in the way that Microsoft Excel and other affected Microsoft Office services parse content in specially crafted files. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Excel versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that includes the fix for this issue. For Office versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that includes the fix for this issue. For Office for Mac version 2011, update to a version that includes the fix for this issue. For Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this issue. For Office Compatibility Pack version SP3, update to a version that includes the fix for this issue. For Excel Services and Word Automation Services in SharePoint Server version 2013, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2007 SP3 Excel Viewer (affected versions not specified) Office Compatibility Pack version SP3 **Description** A remote code execution issue exists in the way Microsoft Excel parses content in Excel files. This could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative rights. **Recommendations** For Microsoft Excel 2007 SP3, update to a version that is not affected by this issue. For Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Office Compatibility Pack SP3, update to a version that is not affected by this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2007 SP3 Office Compatibility Pack version SP3 **Description** A remote code execution issue exists in the way that affected Microsoft Word software parses specially crafted files. This could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Word 2007 SP3, update to a version that is not affected by this issue. For Office Compatibility Pack SP3, update to a version that is not affected by this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2003 SP3 Microsoft Word Viewer (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted Office document. Remote code execution vulnerabilities exist in the way that affected Microsoft Office software parses specially crafted files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Word 2003 SP3, update to a version that is not affected by this issue. For Microsoft Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to remote code execution vulnerabilities in the way Microsoft Office software parses specially crafted files. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2 Word Web App 2010 SP1 and SP2 in Office Web Apps 2010 Word 2003 SP3 Word 2007 SP3 Word 2010 SP1 and SP2 Office Compatibility Pack SP3 Word Viewer **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted Office document. Remote code execution vulnerabilities exist in the way that affected Microsoft Office software parses specially crafted files, potentially allowing an attacker to take complete control of an affected system. **Recommendations** For Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, update to a version that includes the fix for this issue. For Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, update to a version that includes the fix for this issue. For Word 2003 SP3, update to a version that includes the fix for this issue. For Word 2007 SP3, update to a version that includes the fix for this issue. For Word 2010 SP1 and SP2, update to a version that includes the fix for this issue. For Office Compatibility Pack SP3, update to a version that includes the fix for this issue. For Word Viewer, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 7 through 10 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This occurs because Internet Explorer improperly accesses an object in memory, potentially corrupting it in a way that enables an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 7 through 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.