Zheng Huang

**Name of the Vulnerable Software and Affected Versions** Mongoose versions prior to 6.15 **Description** A critical heap-based buffer overflow issue was discovered in the parse mqtt() function in mg mqtt.c. **Recommendations** For versions prior to 6.15, update to version 6.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google TensorFlow versions prior to 1.12.2 **Description** The issue is related to a NULL pointer dereference that could cause a denial of service via an invalid GIF file. **Recommendations** For versions prior to 1.12.2, update to version 1.12.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Windows Adobe Type Manager Font Driver (ATMFD.dll) versions prior to the fixed version Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows 10 Windows 10 Servers Description: An elevation of privilege issue exists due to the improper handling of objects in memory. This allows attackers to affect the system. The estimated number of potentially affected devices worldwide is not specified. Recommendations: For Windows 7, apply the patch to fix the elevation of privilege vulnerability. For Windows Server 2008, apply the patch to fix the elevation of privilege vulnerability. For Windows Server 2008 R2, apply the patch to fix the elevation of privilege vulnerability. For Windows 8.1, apply the patch to fix the elevation of privilege vulnerability. For Windows RT 8.1, apply the patch to fix the elevation of privilege vulnerability. For Windows Server 2012, apply the patch to fix the elevation of privilege vulnerability. For Windows Server 2012 R2, apply the patch to fix the elevation of privilege vulnerability. For Windows Server 2016, apply the patch to fix the elevation of privilege vulnerability. For Windows 10, apply the patch to fix the elevation of privilege vulnerability. For Windows 10 Servers, apply the patch to fix the elevation of privilege vulnerability. As a temporary workaround, consider restricting access to the ATMFD.dll until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10.3.2 Apple Safari versions prior to 10.1.1 Apple iCloud versions prior to 6.2.1 on Windows Apple tvOS versions prior to 10.2.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later. For Safari versions prior to 10.1.1, update to version 10.1.1 or later. For iCloud versions prior to 6.2.1 on Windows, update to version 6.2.1 or later. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10.3.2 Apple Safari versions prior to 10.1.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For Apple Safari versions prior to 10.1.1, update to version 10.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 **Description** The issue involves the `WebKit` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker using a specially formed web site. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For Safari versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.2, update to version 10.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 **Description** The issue is caused by a buffer overflow in the WebKit component, allowing remote attackers to execute arbitrary code or cause a denial of service, such as memory corruption and application crash, via a specially crafted web site. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For Safari versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.2, update to version 10.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 Safari versions prior to 10.0.2 iCloud versions prior to 6.1 iTunes versions prior to 12.5.4 **Description** The issue involves the WebKit component and is caused by a buffer overflow in memory. It allows remote attackers to execute arbitrary code or cause a denial of service, such as memory corruption and application crash, via a specially crafted web site. **Recommendations** For iOS versions prior to 10.2, update to version 10.2 or later. For Safari versions prior to 10.0.2, update to version 10.0.2 or later. For iCloud versions prior to 6.1, update to version 6.1 or later. For iTunes versions prior to 12.5.4, update to version 12.5.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 iTunes versions prior to 12.5.1 on Windows iCloud versions prior to 6.0 on Windows Safari versions prior to 10 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later. For iTunes versions prior to 12.5.1 on Windows, update to version 12.5.1 or later. For iCloud versions prior to 6.0 on Windows, update to version 6.0 or later. For Safari versions prior to 10, update to version 10 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 9 through 11 Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. This can enable an attacker to take control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights, especially if the current user has administrative rights. **Recommendations** For Microsoft Internet Explorer versions 9 through 11, update to a version that is not affected by this issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow. It allows a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted website. The vulnerability can be exploited when Internet Explorer improperly accesses objects in memory, potentially corrupting memory and allowing an attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, a successful exploitation could lead to an attacker taking control of the affected system, installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Internet Explorer, consider disabling access to specially crafted websites until a patch is available. For Microsoft Edge, restrict the use of memory-intensive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is caused by a buffer overflow and improper memory object access, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) via a specially crafted website. This could lead to memory corruption, enabling an attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, a successful exploit could allow the attacker to take control of the affected system, install programs, view or modify data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 11 and earlier Microsoft Edge (affected versions not specified) **Description** The issue is caused by memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the issue could take control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Internet Explorer version 11, update to a version that is not affected by this issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is caused by a buffer overflow in Internet Explorer, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted website. This vulnerability could corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, a successful exploitation could allow the attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer 11 **Description** The issue is related to a use-after-free vulnerability in the CElement object implementation, allowing remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via crafted JavaScript that improperly interacts with the use of the Cascading Style Sheets (CSS) empty-cells property for a TABLE element. **Recommendations** For Internet Explorer 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is caused by a buffer overflow in dynamic memory, allowing a remote attacker to execute arbitrary code or cause a denial of service via a specially crafted website. This can corrupt memory, enabling an attacker to execute code in the context of the current user. If the current user has administrative rights, the attacker could gain complete control of the system, install programs, view or modify data, or create new accounts with full rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is caused by improper memory access in Internet Explorer, which can lead to remote code execution. This could allow an attacker to execute arbitrary code in the context of the current user, potentially gaining the same user rights as the current user. If the current user has administrative rights, the attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.