Filipe Xavier Oliveira

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029 Description: The issue allows a non-privileged user to cause a denial of service, resulting in a Blue Screen of Death (BSOD), by sending a specific IOCTL request to the ".econceal" endpoint. The request is sent using the 0x830020E0 IOCTL code, exploiting the econceal.sys driver. Recommendations: For version 14.0.1400.2029, consider disabling the econceal.sys driver as a temporary workaround to prevent exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: G DATA Total Security version 25.4.0.3 Description: The issue is related to a buffer overflow in the GDASPAMLib.AntiSpam ActiveX control ASKGDASpam.dll. This buffer overflow can be triggered via a long `IsBlackListed` argument. Recommendations: For G DATA Total Security version 25.4.0.3, consider disabling the use of the `IsBlackListed` argument in the GDASPAMLib.AntiSpam ActiveX control until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TotalAV version 4.1.7 **Description** An issue was discovered that allows an unprivileged user to modify or overwrite all of the product's files due to weak permissions under %PROGRAMFILES%. This weakness enables local users to gain privileges or obtain maximum control over the product. **Recommendations** For TotalAV version 4.1.7, consider restricting access to the product's files under %PROGRAMFILES% to prevent local users from modifying or overwriting them, until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Panda Global Protection version 17.0.1 **Description** The issue concerns an unquoted Windows search path vulnerability in the panda url filtering service, which allows local users to gain privileges via a malicious artefact. **Recommendations** For Panda Global Protection version 17.0.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kingsoft WPS Office Free version 10.2.0.5978 **Description** The issue allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of `.pipeWPSCloudSvrWpsCloudSvr`, which is described as an "insecurely created named pipe." This ensures full access to the Everyone users group. **Recommendations** For Kingsoft WPS Office Free version 10.2.0.5978, consider restricting access to the `.pipeWPSCloudSvrWpsCloudSvr` named pipe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hola version 1.79.859 **Description** An issue was discovered that allows an unprivileged user to modify or overwrite the executable with arbitrary code. This could lead to privilege escalation, depending on the user the service runs as. The issue is due to the SERVICE ALL ACCESS access right for the hola svc and hola updater services. **Recommendations** For Hola version 1.79.859, consider restricting access to the hola svc and hola updater services to prevent modification or overwriting of the executable until a fix is available. As a temporary workaround, restrict the SERVICE ALL ACCESS access right to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Panda Global Protection version 17.0.1 **Description** The issue allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of `.pipePSANMSrvcPpal`, which is described as an "insecurely created named pipe." This ensures full access to the Everyone users group. **Recommendations** For Panda Global Protection version 17.0.1, consider restricting access to the `.pipePSANMSrvcPpal` named pipe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 10-Strike Network Monitor version 5.4 **Description** The issue is related to an unquoted Windows search path vulnerability in the srvInventoryWebServer service, which allows local users to gain privileges via a malicious artefact. **Recommendations** For version 5.4, update to a newer version that contains a fix for this issue to prevent local users from gaining privileges via a malicious artefact.

**Name of the Vulnerable Software and Affected Versions** BitDefender Total Security version 2018 **Description** The issue allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe, ensuring full access to the Everyone users group. **Recommendations** For BitDefender Total Security version 2018, consider restricting access to the named pipe until a patch is available. As a temporary workaround, ensure that the system's access control is properly configured to limit the damage from potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rapid Scada version 5.5.0 **Description** A local attacker can escalate privileges due to weak access control restrictions set during the installation of the product. The vulnerability exists within the access control and allows an attacker to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. **Recommendations** For Rapid Scada version 5.5.0, consider restricting access to the C:SCADA directory to prevent exploitation until a patch is available. As a temporary workaround, review and modify the access control settings to enforce stronger permissions, limiting the ability of attackers to leverage this flaw for privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Flexense SyncBreeze Enterprise version 10.1.16 **Description** The issue is related to a buffer overflow that can be exploited for arbitrary code execution. This is triggered by providing a long input into the `Destination directory` field, either within an XML document or through the use of passive mode. **Recommendations** For Flexense SyncBreeze Enterprise version 10.1.16, avoid using long inputs in the `Destination directory` field until a fix is available. As a temporary workaround, consider restricting the length of inputs in this field to prevent potential exploitation.