Cheng-Da Tsai

**Name of the Vulnerable Software and Affected Versions** MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Sentry versions 9.7.2 and earlier, and 9.8.0 MobileIron Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier **Description** The issue is related to insufficient access control in MobileIron products, allowing a remote attacker to execute arbitrary code. This can be achieved via unspecified vectors, potentially leading to remote code execution. **Recommendations** For MobileIron Core versions 10.3.0.3 and earlier, update to version 10.3.0.4 or later. For MobileIron Core versions 10.4.x, update to version 10.4.0.4 or later. For MobileIron Core versions 10.5.x, update to version 10.5.1.1 or later. For MobileIron Core versions 10.5.2.x, update to version 10.5.2.1 or later. For MobileIron Core versions 10.6.x, update to version 10.6.0.1 or later. For MobileIron Connector versions 10.3.0.3 and earlier, update to version 10.3.0.4 or later. For MobileIron Connector versions 10.4.x, update to version 10.4.0.4 or later. For MobileIron Connector versions 10.5.x, update to version 10.5.1.1 or later. For MobileIron Connector versions 10.5.2.x, update to version 10.5.2.1 or later. For MobileIron Connector versions 10.6.x, update to version 10.6.0.1 or later. For MobileIron Sentry versions 9.7.2 and earlier, update to version 9.7.3 or later. For MobileIron Sentry version 9.8.0, update to version 9.8.1 or later. For MobileIron Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier, update to a version later than 2.0.0.1.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 9 **Description** A use-after-free issue allows remote attackers to execute arbitrary code via a crafted web site. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This issue is related to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. **Recommendations** For Microsoft Internet Explorer version 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.