Edi Strosar

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Virus Control version 9.0.722.1 MicroWorld Anti-Virus version 9.0.722.1 MicroWorld Internet Security version 9.0.722.1 Description: The issue allows local users to gain privileges by replacing application files due to weak permissions set for the installation directory trees. This is demonstrated by the potential to modify traysser.exe. Recommendations: For MicroWorld eScan Virus Control version 9.0.722.1, consider restricting access to the installation directory to prevent unauthorized file replacements. For MicroWorld Anti-Virus version 9.0.722.1, restrict write access to the application files to mitigate the risk of exploitation. For MicroWorld Internet Security version 9.0.722.1, limit permissions on the installation directory to prevent local users from modifying sensitive files.

Name of the Vulnerable Software and Affected Versions: Poslovni informator Republike Slovenije (PIRS) version 2007 Description: The issue is related to a buffer overflow in the pirs32.exe component, which can be triggered by a long search string in certain fields of the GUI. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. If PIRS is used by data-entry workers with limited access to the underlying Windows environment, this could lead to crossing privilege boundaries. Recommendations: For PIRS version 2007, consider restricting the input length in search fields to prevent buffer overflow exploitation until a fix is available. As a temporary workaround, limit the use of the pirs32.exe component to minimize the risk of arbitrary code execution.