Filip Dragovic

**Name of the Vulnerable Software and Affected Versions** Bitdefender Total Security version 27.0.46.231 **Description** A local privilege escalation issue exists in Bitdefender Total Security. A low-privileged attacker can gain elevated privileges due to improper symbolic link validation when `bdservicehost.exe` deletes files from a user-writable directory, specifically `C:ProgramDataAtcFeedback`. This allows for arbitrary file deletion. The issue is combined with a file copy operation during network events and a filter driver bypass through DLL injection, leading to arbitrary file copy and code execution with elevated user privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intercept X for Windows versions prior to 2024.3.2 **Description** A vulnerability related to registry permissions in the Intercept X for Windows updater can allow a local user to gain SYSTEM level privileges during a product upgrade. **Recommendations** Update Intercept X for Windows to version 2024.3.2 or later.

Name of the Vulnerable Software and Affected Versions: Microsoft PC Manager (affected versions not specified) Description: The issue is related to improper access control in Microsoft PC Manager, allowing an authorized attacker to elevate privileges locally. This can lead to a local privilege escalation vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 **Description** The issue is related to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this to execute arbitrary commands. **Recommendations** For IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15, consider disabling XML external entity processing until a patch is available. Restrict access to XML data processing modules to minimize the risk of exploitation. Avoid using vulnerable XML parsing functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.16 **Description** The issue is related to errors in processing input data in the Core component of Oracle VM VirtualBox. This can be exploited by an attacker to elevate privileges or execute arbitrary code by manipulating log files. The vulnerability applies to Windows hosts only and can result in the takeover of Oracle VM VirtualBox. Successful attacks can compromise the confidentiality, integrity, and availability of the system. **Recommendations** For Oracle VM VirtualBox versions prior to 7.0.16, update to version 7.0.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component or limiting the ability to manipulate log files in the C:ProgramDataVirtualBox directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Avira Prime (affected versions not specified) **Description** The issue is related to the Avira Spotlight Service in Avira Prime, which incorrectly handles symbolic links before accessing a file. This can be exploited by a local attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. The attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability allows an attacker to create a symbolic link and abuse the service to delete a file, leading to privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** G Data Total Security (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the GDBackupSvc service, where an attacker can create a symbolic link to abuse the service and create a file with a permissive DACL, potentially leading to privilege escalation and execution of arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Check Point ZoneAlarm Extreme Security (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the Forensic Recorder service, where an attacker can create a symbolic link to abuse the service and overwrite arbitrary files, potentially executing arbitrary code in the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to insufficient access restrictions in Microsoft Visual Studio, which can be exploited to elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** .NET Framework (affected versions not specified) **Description** The issue is related to incorrect cleanup or release of resources in the .NET Framework, which can be exploited to cause a denial of service. This allows an attacker to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Malicious Software Removal Tool (affected versions not specified) **Description** The issue is related to synchronization errors when using a shared resource in the Malicious Software Removal Tool (MSRT), which can allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows System Monitor (Sysmon) (affected versions not specified) **Description** The issue is related to insufficient access control in the Microsoft Windows System Monitor (Sysmon) service, which can allow an attacker to elevate their privileges. The vulnerability can be exploited to achieve arbitrary file deletion and limited arbitrary file write, potentially leading to code execution as NT AuthoritySystem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client) versions (affected versions not specified) **Description** A vulnerability in the client update process of Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process, such as the `vpndownloader.exe` process, which creates a directory in `c:windowstemp` with default permissions. A successful exploit could allow the attacker to execute code with SYSTEM privileges, potentially allowing for arbitrary file deletion as the NT AuthoritySYSTEM account. **Recommendations** As a temporary workaround, consider restricting access to the `vpndownloader.exe` process until a patch is available. Avoid using the default permissions for the temporary directory created by `vpndownloader.exe` in the `c:windowstemp` directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Avira Security versions prior to 1.1.72.30556 **Description** The issue is related to the Software Updater functionality of Avira Security, which allows an attacker with write access to the filesystem to escalate their privileges in certain scenarios. This is due to the possibility of downloading arbitrary files. **Recommendations** For versions prior to 1.1.72.30556, update to Avira Security version 1.1.72.30556 to resolve the issue. As a temporary workaround, consider restricting write access to the filesystem to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Windows Backup Service versions prior to the fixed version **Description** The issue is related to errors in privilege management within the Windows Backup Service, allowing an attacker to elevate their privileges to the level of SYSTEM. This can potentially impact the system, enabling malicious activities. There have been public proofs of concept (PoCs) released, demonstrating the ability to delete any file and launch a shell with elevated privileges. **Recommendations** For Windows Backup Service versions prior to the fixed version, consider disabling the vulnerable service until a patch is available to prevent potential exploitation. Restrict access to the Windows Backup Service to minimize the risk of elevation of privilege attacks. Avoid using the service for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.