Glenn Lloyd

**Name of the Vulnerable Software and Affected Versions** Adobe Genuine Integrity Service versions Version 6.4 and earlier **Description** The issue is related to insecure file permissions in the Adobe Genuine Integrity Service, which can be exploited to escalate privileges. This could allow a remote attacker to gain elevated access. **Recommendations** For Adobe Genuine Integrity Service versions Version 6.4 and earlier, update to a version later than 6.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in handling certain symbolic links, which can allow an attacker to elevate their privileges using a specially crafted application. This can affect the system, potentially leading to privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** McAfee VirusScan Enterprise versions prior to 8.8 Patch 15 **Description** The issue is related to insufficient access control in McAfee VirusScan Enterprise, which can be exploited to elevate privileges. This can occur during daily DAT updates, allowing local users to delete and create files they would not normally have permission to access by altering the target of symbolic links. This exploit is timing-dependent. **Recommendations** For versions prior to 8.8 Patch 15, update to 8.8 Patch 15 or later to resolve the issue. As a temporary workaround, consider restricting access to the symbolic links that can be altered during the daily DAT updates until a patch is applied.