Shi Ji

**Nome do software vulnerável e versões afetadas** Microsoft Office Access Connectivity Engine (versões afetadas não especificadas) **Descrição** Existe uma vulnerabilidade que permite a execução remota de código devido ao tratamento inadequado de objetos na memória pelo Microsoft Office Access Connectivity Engine. Isso poderia permitir que um invasor remoto executasse código arbitrário no sistema da vítima, induzindo-a a abrir um arquivo especialmente criado para esse fim. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** libdwarf versions prior to 20160923 **Description** The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds read, via crafted input. This is due to a problem in the `read line table program` function in `dwarf line table reader common.c`. **Recommendations** For versions prior to 20160923, update to version 20160923 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MuJS (affected versions not specified) **Description** The issue allows attackers to cause a denial of service, specifically an out-of-bounds read, by providing a specific input that ends with an asterisk (*). This is related to the chartorune function in MuJS. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Software MuJS (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the Fp toString function in jsfunction.c, which can be triggered by crafted input. This can cause a denial of service, resulting in a crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Software, Inc. MuJS versions before 5008105780c0b0182ea6eda83ad5598f225be3ee **Description** The issue allows context-dependent attackers to conduct denial of service attacks by using the malformed labeled break/continue in JavaScript approach, related to a NULL pointer dereference issue affecting the jscompile.c component. **Recommendations** For versions before 5008105780c0b0182ea6eda83ad5598f225be3ee, update to version 5008105780c0b0182ea6eda83ad5598f225be3ee or later to resolve the issue. As a temporary workaround, consider restricting the use of malformed labeled break/continue statements in JavaScript until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Artifex Software, Inc. MuJS versions before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 **Description** The issue allows context-dependent attackers to obtain sensitive information by using the crafted JavaScript approach, related to a Buffer Over-read issue. **Recommendations** For versions before a0ceaf5050faf419401fe1b83acfa950ec8a8a89, update to a version that includes the fix for this issue to prevent sensitive information disclosure.

**Name of the Vulnerable Software and Affected Versions** Artifex Software, Inc. MuJS versions before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 **Description** The issue allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the `jsC dumpfunction` function in the jsdump.c component. **Recommendations** For versions before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767, consider updating to a version that includes the fix for the "Out-of-Bounds read" issue in the `jsC dumpfunction` function. As a temporary workaround, consider restricting the use of crafted JavaScript files to minimize the risk of exploitation.