Chris Au

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code execution to run arbitrary commands with user privileges.

Name of the Vulnerable Software and Affected Versions Rapid7 Velociraptor versions prior to 0.76.2 Description Rapid7 Velociraptor versions before 0.76.2 have an input validation issue in the client monitoring message handler on the Velociraptor server (primarily Linux). An authenticated remote attacker can write to arbitrary internal server queues by sending a crafted monitoring message with a malicious queue name. The server handler does not properly validate the queue name provided by the client, allowing a malicious client to write messages to privileged internal queues. This could lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected. Recommendations Update to version 0.76.2 or later.

**Name of the Vulnerable Software and Affected Versions** River Past Cam Do version 3.7.6 **Description** A local buffer overflow exists in the activation code input field. A local attacker can execute arbitrary code by providing a malicious activation code string. This is achieved by crafting a buffer with 608 bytes of junk data, followed by shellcode and SEH (Structured Exception Handling) chain overwrite values, which triggers code execution during the processing of the input in the activation dialog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlexHEX version 2.71 **Description** A local buffer overflow exists in the Stream Name field. This allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow—a condition where the program's error-handling mechanism is overwritten to redirect execution flow. An attacker can achieve this by creating a malicious text file containing shellcode and aligned SEH chain pointers and pasting the content into the Stream Name dialog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iPrint&Scan Desktop for Windows versions 11.0.0 and earlier **Description** The issue is related to improper link resolution before file access, also known as 'Link Following'. This could allow a malicious user to perform a symlink attack, potentially causing a Denial-of-service (DoS) condition on the PC. **Recommendations** For versions 11.0.0 and earlier, update to a version later than 11.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `iPrint&Scan Desktop for Windows` application until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR agent versions prior to 5.0.12 Palo Alto Networks Cortex XDR agent versions prior to 6.1.9 Palo Alto Networks Cortex XDR agent versions prior to 7.2.4 Palo Alto Networks Cortex XDR agent versions prior to 7.3.2 **Description** An improper link resolution before file access issue exists in the Palo Alto Networks Cortex XDR agent on Windows platforms, enabling a local user to delete arbitrary system files, impact system integrity, or cause a denial of service condition. **Recommendations** For versions prior to 5.0.12, update to version 5.0.12 or later. For versions prior to 6.1.9, update to version 6.1.9 or later. For versions prior to 7.2.4, update to version 7.2.4 or later. For versions prior to 7.3.2, update to version 7.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR Agent versions 7.1 with content update 149 and earlier versions Palo Alto Networks Cortex XDR Agent versions 7.2 with content update 149 and earlier versions **Description** A local privilege escalation issue exists in Palo Alto Networks Cortex XDR Agent on the Windows platform, allowing an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. **Recommendations** For versions 7.1 with content update 149 and earlier versions, update to a version with a content update later than 149 to resolve the issue. For versions 7.2 with content update 149 and earlier versions, update to a version with a content update later than 149 to resolve the issue. As a temporary workaround, consider restricting access to the Windows root directory to prevent users from creating files in this location, thereby minimizing the risk of exploitation.