Abdul-Aziz Hariri

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Codecs Library (affected versions not specified) Description: A remote code execution issue exists in the way Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploits this issue could take control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a program to process a specially crafted image file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat versions prior to 2020.009.20074 Adobe Reader versions prior to 2020.009.20074 Adobe Acrobat versions 2017.011.30171 and earlier Adobe Reader versions 2017.011.30171 and earlier Adobe Acrobat versions 2015.006.30523 and earlier Adobe Reader versions 2015.006.30523 and earlier Description: The issue is related to an out-of-bounds read vulnerability in Adobe Acrobat and Reader. This vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information, potentially leading to information disclosure. Recommendations: For Adobe Acrobat and Reader versions prior to 2020.009.20074, update to a version later than 2020.009.20074. For Adobe Acrobat and Reader versions 2017.011.30171 and earlier, update to a version later than 2017.011.30171. For Adobe Acrobat and Reader versions 2015.006.30523 and earlier, update to a version later than 2015.006.30523. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat versions prior to 2020.009.20074 Adobe Reader versions prior to 2020.009.20074 Adobe Acrobat versions 2017.011.30171 and earlier Adobe Reader versions 2017.011.30171 and earlier Adobe Acrobat versions 2015.006.30523 and earlier Adobe Reader versions 2015.006.30523 and earlier Description: The issue is related to an out-of-bounds read operation in memory, which can be exploited by a remote attacker to gain unauthorized access to protected information. This can lead to information disclosure. Recommendations: For Adobe Acrobat and Reader versions 2020.009.20074 and earlier, update to a version later than 2020.009.20074. For Adobe Acrobat and Reader versions 2017.011.30171 and earlier, update to a version later than 2017.011.30171. For Adobe Acrobat and Reader versions 2015.006.30523 and earlier, update to a version later than 2015.006.30523. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions 2020.009.20074 and earlier Adobe Acrobat and Reader version 2020.001.30002 Adobe Acrobat and Reader versions 2017.011.30171 and earlier Adobe Acrobat and Reader versions 2015.006.30523 and earlier **Description** The issue is related to a security bypass vulnerability that could lead to the bypass of security features. Successful exploitation could allow an attacker to bypass existing security restrictions. This vulnerability is associated with a memory leak and can be exploited by a remote attacker. **Recommendations** For Adobe Acrobat and Reader versions 2020.009.20074 and earlier, update to a version later than 2020.009.20074 to resolve the issue. For Adobe Acrobat and Reader version 2020.001.30002, update to a version later than 2020.001.30002 to resolve the issue. For Adobe Acrobat and Reader versions 2017.011.30171 and earlier, update to a version later than 2017.011.30171 to resolve the issue. For Adobe Acrobat and Reader versions 2015.006.30523 and earlier, update to a version later than 2015.006.30523 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Codecs Library (affected versions not specified) **Description** A remote code execution issue exists due to errors in handling objects in memory. This can be exploited by an attacker to execute arbitrary code using a specially crafted image file. The vulnerability is related to the processing of media content and can lead to out-of-bounds write issues when parsing certain file types, such as MKV or HEIC files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 10 through 11 **Description** The issue is related to a use-after-free error due to insufficient validation of user-input data when handling the DOM tree, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 10 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 11 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This occurs because Internet Explorer improperly accesses objects in memory, potentially corrupting memory in a way that enables an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 6 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.