IBM · IBM QRadar WinCollect Agent · CVE-2023-38736
**Name of the Vulnerable Software and Affected Versions**
IBM QRadar WinCollect Agent versions 10.0 through 10.1.6
**Description**
The issue is related to insufficient access control in the IBM QRadar WinCollect Agent, which can be exploited by a remote attacker to elevate their privileges. A normal user could utilize this vulnerability to gain SYSTEM permissions when the agent is installed to run as ADMIN or SYSTEM.
**Recommendations**
For IBM QRadar WinCollect Agent versions 10.0 through 10.1.6, consider restricting the agent's privileges to prevent a local escalation of privilege attack until a patch is available. As a temporary workaround, avoid running the agent as ADMIN or SYSTEM to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
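
One way to check a host against the two conditions in this advisory (affected version, agent running as ADMIN or SYSTEM), as an added PowerShell example that is not IBM's code or part of the original advisory. It assumes the agent's Windows service name or display name contains "WinCollect" and that the service binary's product version matches the agent version.

```powershell
# Added example, not IBM tooling. Assumptions: the service name or display name
# contains "WinCollect", and the binary's ProductVersion is the agent version.
$min = [version]'10.0.0'
$max = [version]'10.1.6'

# Direct members of local Administrators (well-known SID S-1-5-32-544).
# Nested group membership is not expanded.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Name.ToLowerInvariant() })

$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like '*WinCollect*' -or $_.DisplayName -like '*WinCollect*' }

$report = foreach ($svc in $services) {
    # PathName may be quoted and carry arguments; keep only the executable path.
    $exe = $null
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(\S+)') {
        $exe = $Matches[1]
    }

    # Compare on major.minor.build so a fourth version field does not skew the range.
    $inRange = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        if ($raw -match '^(\d+)\.(\d+)(?:\.(\d+))?') {
            $v = [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
            $inRange = ($v -ge $min) -and ($v -le $max)
        }
    }

    # StartName is e.g. "LocalSystem", ".\svcuser" or "DOMAIN\svcuser".
    $account = "$($svc.StartName)"
    $normalized = ($account -replace '^\.\\', "${env:COMPUTERNAME}\").ToLowerInvariant()
    $privileged = ($account -in 'LocalSystem', 'NT AUTHORITY\SYSTEM') -or
                  ($admins -contains $normalized)

    $status = if (-not $privileged) { 'Not running as ADMIN or SYSTEM' }
    elseif ($false -eq $inRange) { 'Privileged, outside versions 10.0 through 10.1.6' }
    elseif ($null -eq $inRange) { 'REVIEW: privileged, version unknown' }
    else { 'EXPOSED: privileged and in affected version range' }

    [pscustomobject]@{ Service = $svc.Name; Account = $account; Binary = $exe; Status = $status }
}

$report | Format-Table -AutoSize -Wrap
```

An empty result means no matching service was found under the assumed name, not that the agent is absent.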