Filip_Dragovic

Name of the Vulnerable Software and Affected Versions: Microsoft PC Manager (affected versions not specified) Description: The issue is related to improper access control in Microsoft PC Manager, allowing an authorized attacker to elevate privileges locally. This can lead to a local privilege escalation vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows versions prior to July 8, 2025 **Description** An improper link resolution vulnerability exists in the Windows Update Service before file access. This allows an authorized attacker to elevate privileges locally. The vulnerability affects Windows 10 and Windows 11 clients with at least two hard drives. The `wuauserv` service is involved, and the vulnerability relates to incorrect handling of symbolic links during file access, potentially enabling arbitrary file deletion and privilege escalation. **Recommendations** Update your systems to the latest version available before July 8, 2025, to address this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Avira Prime (affected versions not specified) **Description** The issue is related to the Avira Spotlight Service in Avira Prime, which incorrectly handles symbolic links before accessing a file. This can be exploited by a local attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. The attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability allows an attacker to create a symbolic link and abuse the service to delete a file, leading to privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** G Data Total Security (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the GDBackupSvc service, where an attacker can create a symbolic link to abuse the service and create a file with a permissive DACL, potentially leading to privilege escalation and execution of arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Check Point ZoneAlarm Extreme Security (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the Forensic Recorder service, where an attacker can create a symbolic link to abuse the service and overwrite arbitrary files, potentially executing arbitrary code in the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.