Huyna

**Nome do software vulnerável e versões afetadas** Controlador do Windows Storage Spaces (versões afetadas não especificadas) **Descrição** O problema está relacionado a um estouro de inteiro no driver do Controlador de Espaços de Armazenamento, que pode ser explorado para elevar privilégios. Isso poderia permitir que um invasor comprometesse o sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.34 Oracle VM VirtualBox versions prior to 6.0.14 **Description** The issue is related to inadequate access control in the Core component of Oracle VM VirtualBox, allowing a highly privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is executed to compromise it. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 5.2.34, update to version 5.2.34 or later. For versions prior to 6.0.14, update to version 6.0.14 or later. As a temporary workaround, consider restricting access to the Core component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.32 Oracle VM VirtualBox versions prior to 6.0.10 **Description** The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For Oracle VM VirtualBox versions prior to 5.2.32, update to version 5.2.32 or later. For Oracle VM VirtualBox versions prior to 6.0.10, update to version 6.0.10 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.5.0.20723 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of XFA forms due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.5.0.20723, consider disabling the processing of XFA forms as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is related to the incorrect object lifecycle in the PDFium component of Google Chrome, which can lead to heap corruption. This can be exploited by a remote attacker using a specially crafted PDF file, potentially allowing the execution of arbitrary code. **Recommendations** For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue. As a temporary workaround, consider avoiding the use of PDF files from untrusted sources until the update is applied.