Ricardo Narvaja

**Nome do software vulnerável e versões afetadas** Versões do Microsoft Windows anteriores à versão corrigida Microsoft Windows 10 Microsoft Windows 11 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 2022 **Descrição** Um sequestro de DLL causado pelo remapeamento de unidades combinado com o envenenamento do cache de ativação no Microsoft Windows permite que um invasor mal-intencionado autenticado eleve um processo de integridade média para um processo de alta integridade sem a intervenção de um prompt do UAC. Esse problema pode ser explorado para contornar o controle de acesso do usuário e obter privilégios totais do sistema. A vulnerabilidade está sendo explorada ativamente. **Recomendações** Para o Microsoft Windows 10, atualize para uma versão que inclua a correção para esta vulnerabilidade. Para o Microsoft Windows 11, atualize para uma versão que inclua a correção para esta vulnerabilidade. Para o Microsoft Windows Server 2016, atualize para uma versão que inclua a correção para esta vulnerabilidade. Para o Microsoft Windows Server 2019, atualize para uma versão que inclua a correção para esta vulnerabilidade. Para o Microsoft Windows Server 2022, atualize para uma versão que inclua a correção para esta vulnerabilidade. Como solução alternativa temporária, considere restringir o acesso ao recurso de remapeamento de unidade para minimizar o risco de exploração. Evite usar o recurso de remapeamento de unidade vulnerável até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 (affected versions not specified) **Description** A Denial of Service in the CLFS.sys driver allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the `KeBugCheckEx` function. The vulnerability is caused by improper validation of specified quantities in input data, leading to an unrecoverable inconsistency. This flaw can be exploited to crash systems repeatedly, disrupting operations. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess versions 7.2 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via the `UserName` parameter. **Recommendations** For Advantech WebAccess version 7.2, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess version 7.2 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via the `password` parameter. **Recommendations** For Advantech WebAccess version 7.2, consider restricting access to the login functionality until a patch is available. Avoid using the `password` parameter in a way that could trigger the buffer overflow until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XnView versions prior to 2.04 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a crafted PCT file. **Recommendations** For versions prior to 2.04, update to version 2.04 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Lattice Diamond Programmer version 1.4.2 **Description** The issue allows user-assisted remote attackers to cause a denial of service and execute arbitrary code via a long string in a version attribute of an `ispXCF` element in an `.xcf` file. **Recommendations** For Lattice Diamond Programmer version 1.4.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VLC Media Player versions prior to 1.1.8 **Description** The issue allows remote attackers to execute arbitrary code via a crafted width in an NSV file. This is related to the libdirectx plugin.dll component. **Recommendations** For versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Word versions 2000 SP3 and 2002 SP3 Microsoft Office 2004 for Mac **Description** A remote code execution issue exists in the way Word handles specially crafted Word files, potentially allowing arbitrary code execution if a user opens a malformed file. This could be triggered by a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), bypassing an initialization step and causing an "arbitrary free." Users with fewer user rights on the system may be less impacted than those operating with administrative rights. **Recommendations** For Microsoft Office Word 2000 SP3, update to a version that is not affected by this issue. For Microsoft Office Word 2002 SP3, apply the necessary patch or update to a secure version. For Microsoft Office 2004 for Mac, consider disabling the handling of specially crafted Word files until a patch is available.