Doit_Man

**Name of the Vulnerable Software and Affected Versions** SamsungRecovery versions prior to 8.1.43.0 **Description** The issue is related to improper access control in SamsungRecovery, allowing local attackers to delete arbitrary files with SamsungRecovery permission. **Recommendations** For versions prior to 8.1.43.0, update to version 8.1.43.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Security Supporter versions prior to 1.2.40.0 **Description** The issue is related to improper access control, allowing an attacker to set an arbitrary folder as a Secret Folder without the necessary permission from Samsung Security Supporter. **Recommendations** For versions prior to 1.2.40.0, update to version 1.2.40.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Acer QuickAccess versions 2.01.300x through 2.01.3029 Acer QuickAccess versions 3.00.30xx through 3.00.3037 **Description** The issue concerns a local privilege escalation. It involves a user process communicating with a system authority service through a named pipe, where the named pipe has read and write rights for general users. The service program fails to verify the user during communication, allowing a thread to exist with a specific command. When the path of the program to be executed is sent, it results in local privilege escalation, where the service program executes the path with system privileges. **Recommendations** For Acer QuickAccess versions 2.01.300x through 2.01.3029, update to version 2.01.3030 or later. For Acer QuickAccess versions 3.00.30xx through 3.00.3037, update to version 3.00.3038 or later.