Chen Qingyang

**Name of the Vulnerable Software and Affected Versions** Input Method Editor (IME) (affected versions not specified) **Description** The issue is related to a remote code execution problem in the Input Method Editor (IME) component, which can be exploited by remote attackers to execute arbitrary code on the system. This is due to the use of memory after it has been freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Update Stack versions prior to the fixed version Description: The issue is related to inadequate access control in the Windows Update Stack component of the Microsoft Windows operating system. This can be exploited to elevate privileges. There is an estimated risk due to improper access controls. Recommendations: For versions prior to the fixed version, apply the patch immediately to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server (affected versions not specified) Description: The issue is related to a memory management problem, specifically a use-after-free condition. This could allow an attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Shell (affected versions not specified) **Description** The issue is related to a memory use after free vulnerability in the Windows Shell. This vulnerability can be exploited by remote attackers to execute arbitrary code on the system, potentially affecting it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an uncontrolled search path element in the Windows OLE mechanism. It allows a remote attacker to execute arbitrary code. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient access control in the Windows kernel, allowing an attacker to elevate their privileges using specially crafted malicious COM objects. This can affect the system, potentially leading to unauthorized access or control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows OLE technology, which allows binding and embedding objects into other documents and objects. This can lead to remote code execution, enabling an attacker to execute arbitrary code and affect the system. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Geolocation Service (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows Geolocation Service, which can be exploited by an attacker to execute arbitrary code using a specially crafted file. This can allow remote attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows Hello biometric authentication function of Windows operating systems. This can be exploited to execute arbitrary code using a specially crafted file. The vulnerability allows remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.