Netanel Ben-Simon

**Nome do software vulnerável e versões afetadas** Microsoft Excel (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade de divulgação de informações no Microsoft Excel. Ela está associada a um estouro de buffer na memória, o que pode permitir que um invasor obtenha acesso não autorizado a informações protegidas. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Microsoft Office (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma falha no gerenciamento da geração de código no Microsoft Office, que pode ser explorada por invasores para executar código arbitrário por meio de um arquivo especialmente criado. Isso permite que invasores remotos executem código arbitrário. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Microsoft Office (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade de divulgação de informações no Microsoft Office. É causada pela falta de proteção de dados confidenciais. A exploração dessa vulnerabilidade pode permitir que um invasor divulgue informações protegidas e afete o sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do Windows 10 de 1607 a 1909 Versão 6.3 do Windows 8.1 **Descrição** O problema está relacionado a erros no tratamento de objetos na memória dentro do componente Win32k do sistema operacional Windows. Isso pode ser explorado por um invasor para elevar seus privilégios usando um aplicativo especialmente criado. A vulnerabilidade permite que invasores afetem o sistema, levando potencialmente a uma elevação de privilégios. **Recomendações** Para as versões 1607 a 1909 do Windows 10, atualize para uma versão que inclua a correção para este problema. Para a versão 6.3 do Windows 8.1, considere aplicar patches de segurança ou atualizações que resolvam este problema específico como uma solução temporária, até que uma solução mais permanente esteja disponível. Como medida de mitigação geral, restrinja o acesso a componentes sensíveis do sistema e certifique-se de que todos os aplicativos sejam executados com o mínimo de privilégios necessários para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Windows 10 x64 1909 (Compilação do SO 18363.719) Windows 10 versão 10.0.18362.719 (WinBuild.160101.0800) **Descrição** O problema está relacionado a erros no processamento de objetos na memória no componente Win32k do sistema operacional Windows. Isso pode permitir que um invasor eleve seus privilégios. Existe uma vulnerabilidade de elevação de privilégios, permitindo que invasores afetem o sistema. **Recomendações** Para o Windows 10 x64 1909 (Compilação do SO 18363.719), atualize para uma versão que inclua a correção para este problema. Para o Windows 10 versão 10.0.18362.719 (WinBuild.160101.0800), atualize para uma versão que inclua a correção para este problema. Como solução alternativa temporária, considere restringir o acesso ao componente Win32k até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Versões do Windows anteriores à 10.0.18363 **Descrição** Existe uma vulnerabilidade de elevação de privilégios devido à falha do driver do modo kernel do Windows em lidar adequadamente com objetos na memória. Isso permite que um invasor possa elevar seus privilégios. A vulnerabilidade está relacionada a erros no processamento de objetos na memória. **Recomendações** Para versões do Windows anteriores à 10.0.18363, atualize para uma versão que inclua os patches de segurança necessários para resolver a vulnerabilidade. Como solução alternativa temporária, considere restringir o acesso a recursos sensíveis do sistema para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Windows (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade de elevação de privilégios no driver do modo kernel do Windows, que não lida adequadamente com objetos na memória. Essa vulnerabilidade pode ser explorada para permitir que um invasor eleve seus privilégios. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Information Services (affected versions not specified) **Description** The issue is related to errors in handling objects in memory, which can be exploited by a remote attacker to elevate privileges. This allows an unprivileged function, run by a user, to execute code in the context of NT AUTHORITYsystem, thus escaping the sandbox. The vulnerability exists due to the failure to check the length of a buffer before copying memory to it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Win32k component of Windows, which fails to properly handle objects in memory. This can allow an attacker to execute arbitrary code in kernel mode using a specially crafted application. The vulnerability enables attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode using a specially crafted application. To exploit this, an attacker must first log on to the system. Successful exploitation could allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an information disclosure problem in the win32k component, which fails to properly protect sensitive data. This could allow an attacker to disclose protected information. There is no information available about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2018.011.20063 and earlier Adobe Acrobat and Reader versions 2017.011.30102 and earlier Adobe Acrobat and Reader versions 2015.006.30452 and earlier **Description** The issue is related to an untrusted pointer dereference, which could allow for arbitrary code execution if successfully exploited. This can be achieved through a specially crafted GIF file, potentially enabling a remote attacker to execute code. The vulnerability affects Adobe Acrobat, Adobe Reader, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud. **Recommendations** For Adobe Acrobat and Reader versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063 to resolve the issue. For Adobe Acrobat and Reader versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102 to resolve the issue. For Adobe Acrobat and Reader versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted GIF files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions prior to 2018.011.20063 Adobe Acrobat versions prior to 2017.011.30102 Adobe Acrobat versions prior to 2015.006.30452 Adobe Acrobat Reader versions prior to 2018.011.20063 Adobe Acrobat Reader versions prior to 2017.011.30102 Adobe Acrobat Reader versions prior to 2015.006.30452 **Description** The issue is related to an out-of-bounds read in memory, which could allow an attacker to disclose protected information. Successful exploitation of this issue may lead to information disclosure. **Recommendations** For Adobe Acrobat versions prior to 2018.011.20063, update to version 2018.011.20063 or later. For Adobe Acrobat versions prior to 2017.011.30102, update to version 2017.011.30102 or later. For Adobe Acrobat versions prior to 2015.006.30452, update to version 2015.006.30452 or later. For Adobe Acrobat Reader versions prior to 2018.011.20063, update to version 2018.011.20063 or later. For Adobe Acrobat Reader versions prior to 2017.011.30102, update to version 2017.011.30102 or later. For Adobe Acrobat Reader versions prior to 2015.006.30452, update to version 2015.006.30452 or later.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2015.006.30452 and earlier Adobe Acrobat and Reader versions 2017.011.30102 and earlier Adobe Acrobat and Reader versions 2018.011.20063 and earlier **Description** The issue is related to an out-of-bounds read in memory, which could allow a remote attacker to gain unauthorized access to protected information. This could lead to information disclosure. **Recommendations** For Adobe Acrobat and Reader versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452. For Adobe Acrobat and Reader versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102. For Adobe Acrobat and Reader versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions 2018.011.20063 and earlier Adobe Acrobat versions 2017.011.30102 and earlier Adobe Acrobat versions 2015.006.30452 and earlier Adobe Reader versions 2018.011.20063 and earlier Adobe Reader versions 2017.011.30102 and earlier Adobe Reader versions 2015.006.30452 and earlier **Description** The issue is related to an untrusted pointer dereference vulnerability. This vulnerability can be exploited by a remote attacker using a specially crafted GIF file, potentially allowing them to execute arbitrary code. **Recommendations** For Adobe Acrobat and Reader versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063 to resolve the issue. For Adobe Acrobat and Reader versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102 to resolve the issue. For Adobe Acrobat and Reader versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted GIF files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2018.011.20063 and earlier Adobe Acrobat and Reader versions 2017.011.30102 and earlier Adobe Acrobat and Reader versions 2015.006.30452 and earlier **Description** The issue is related to an out-of-bounds write vulnerability in Adobe Acrobat and Reader. This vulnerability can be exploited by an attacker using a specially crafted PDF file, potentially leading to arbitrary code execution. The vulnerability allows a remote attacker to execute arbitrary code. **Recommendations** For Adobe Acrobat and Reader versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063 to resolve the issue. For Adobe Acrobat and Reader versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102 to resolve the issue. For Adobe Acrobat and Reader versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2018.011.20063 and earlier Adobe Acrobat and Reader versions 2017.011.30102 and earlier Adobe Acrobat and Reader versions 2015.006.30452 and earlier **Description** The issue is related to an out-of-bounds read operation in memory, which could allow an attacker to gain unauthorized access to protected information. Successful exploitation of this issue may lead to information disclosure, potentially allowing attackers to obtain sensitive information. **Recommendations** For versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063 to resolve the issue. For versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102 to resolve the issue. For versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions 2018.011.20063 and earlier Adobe Acrobat versions 2017.011.30102 and earlier Adobe Acrobat versions 2015.006.30452 and earlier Adobe Acrobat Reader versions 2018.011.20063 and earlier Adobe Acrobat Reader versions 2017.011.30102 and earlier Adobe Acrobat Reader versions 2015.006.30452 and earlier **Description** The issue is related to an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure, allowing attackers to obtain sensitive information. **Recommendations** For Adobe Acrobat and Reader versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063. For Adobe Acrobat and Reader versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102. For Adobe Acrobat and Reader versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2015.006.30452 and earlier Adobe Acrobat and Reader versions 2017.011.30102 and earlier Adobe Acrobat and Reader versions 2018.011.20063 and earlier **Description** The issue is related to an out-of-bounds write vulnerability in memory. This can be exploited by a remote attacker using a specially crafted PDF file, potentially allowing them to execute arbitrary code. **Recommendations** For versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452 to resolve the issue. For versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102 to resolve the issue. For versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2018.011.20063 and earlier Adobe Acrobat and Reader versions 2017.011.30102 and earlier Adobe Acrobat and Reader versions 2015.006.30452 and earlier **Description** The issue is related to an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. This can be achieved by using a specially crafted U3D file, allowing a remote attacker to execute arbitrary code. **Recommendations** For Adobe Acrobat and Reader versions 2018.011.20063 and earlier, update to a version later than 2018.011.20063 to resolve the issue. For Adobe Acrobat and Reader versions 2017.011.30102 and earlier, update to a version later than 2017.011.30102 to resolve the issue. For Adobe Acrobat and Reader versions 2015.006.30452 and earlier, update to a version later than 2015.006.30452 to resolve the issue. As a temporary workaround, consider avoiding the use of U3D files in Adobe Acrobat and Reader until a patch is available.