Ba1_Ma0

Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

Name of the Vulnerable Software and Affected Versions: CBEWIN Anytxt Searcher version 1.3.1128.0 Description: A critical vulnerability was found in CBEWIN Anytxt Searcher, affecting the file ATService.exe. This issue leads to an uncontrolled search path. The attack requires local access and has a high complexity, making exploitation difficult. The vulnerability is classified as critical. Recommendations: For version 1.3.1128.0, as a temporary workaround, consider restricting access to the ATService.exe file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shanghai Bairui Information Technology SunloginClient version 15.8.3.19819 **Description** A critical vulnerability has been found in the library process.dll of the file sunlogin guard.exe, affecting an unknown part. The manipulation leads to an uncontrolled search path. Local access is required to approach this attack, with a rather high complexity and difficult exploitability. The exploit has been disclosed to the public and may be used. **Recommendations** For Shanghai Bairui Information Technology SunloginClient version 15.8.3.19819, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hainan ToDesk version 4.7.6.3 **Description** A critical vulnerability was found in Hainan ToDesk, affecting unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to an uncontrolled search path, making it possible to launch an attack on the local host. The complexity of the attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** As a temporary workaround, consider restricting access to the vulnerable `profapi.dll` library until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mechrevo Control Console version 1.0.2.70 **Description** A critical issue affects an unknown functionality in the library C:Program FilesOEMMECHREVO Control CenterUniwillServiceMyControlCentercsCAPI.dll of the component GCUService. The manipulation leads to an uncontrolled search path. An attack must be approached locally and has a rather high complexity. The exploitation is known to be difficult. **Recommendations** For Mechrevo Control Console version 1.0.2.70, consider restricting access to the library C:Program FilesOEMMECHREVO Control CenterUniwillServiceMyControlCentercsCAPI.dll to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality related to the GCUService component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.