Goodbyeselene

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** A double free issue exists within the Windows Win32K component, specifically related to ICOMP. This condition allows a locally authorized attacker to gain elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** A use after free condition exists within the Windows Win32K component, specifically related to ICOMP. This allows a locally authorized attacker to gain elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Kernel (affected versions not specified) **Description** An integer overflow or wraparound condition exists in the Windows Kernel. Successful exploitation of this issue could allow an authorized attacker to elevate privileges locally. The issue allows attackers to affect the system, potentially leading to a compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows versions (affected versions not specified) Description: A race condition exists due to improper synchronization when using shared resources within the Windows Win32K - GRFX component. This allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in Visual Studio. It involves a memory reading vulnerability that allows an out-of-bounds memory read. Exploitation of this issue can enable a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** .NET versions prior to the version with Diasymreader.dll 14.8.9294.0 .NET Framework versions prior to the version with Mscorlib.dll 4.8.4775.0 Visual Studio versions prior to the version with updated Diasymreader.dll and Mscorlib.dll **Description** The issue allows remote attackers to execute arbitrary code and affect the system. It is related to a buffer overflow in memory, where exploitation can allow a remote attacker to execute arbitrary code. The vulnerability is associated with the .NET Framework, .NET, and Microsoft Visual Studio. **Recommendations** .NET versions prior to the version with Diasymreader.dll 14.8.9294.0: Update to a version with Diasymreader.dll 14.8.9294.0 or later. .NET Framework versions prior to the version with Mscorlib.dll 4.8.4775.0: Update to a version with Mscorlib.dll 4.8.4775.0 or later. Visual Studio versions prior to the version with updated Diasymreader.dll and Mscorlib.dll: Update to a version with the latest security patches, including updated Diasymreader.dll and Mscorlib.dll.

**Name of the Vulnerable Software and Affected Versions** .NET and Visual Studio (affected versions not specified) **Description** The issue is related to a buffer overflow in dynamic memory, which can allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** .NET, .NET Framework, and Visual Studio (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability in .NET, .NET Framework, and Visual Studio. It is caused by incorrect handling of symbolic links before accessing a file. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Image Acquisition (affected versions not specified) Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Image Acquisition service. It is caused by incorrect handling of symbolic links before accessing a file. Exploitation of this issue may allow an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability in the Winlogon program, which is associated with an integer overflow. This vulnerability can be exploited by an attacker to elevate their privileges using specially crafted data. The vulnerability allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Perception Service (affected versions not specified) **Description** The issue is related to synchronization errors when using a shared resource, specifically a "race condition" situation, in the Windows Perception Service. This could allow an attacker to elevate their privileges. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an incorrect handling of symbolic links before accessing a file in the Windows Themes component, which can lead to a denial-of-service condition. This can allow an attacker to affect the system. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a buffer overflow in dynamic memory in the Winlogon program, which is part of the Windows operating system. This can be exploited by an attacker using specially crafted data to elevate their privileges. The vulnerability allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) **Description** The issue is related to a violation of the data protection mechanism in Microsoft Visual Studio, allowing an attacker to execute arbitrary code using a specially crafted file. This can be achieved through dump files. The estimated number of potentially affected devices worldwide is not provided. There are reports of real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinRAR versions prior to 7.00 **Description** The issue is related to errors in processing input data, which can be exploited by a remote attacker to cause a denial of service or spoof the screen output. This can be achieved through the use of ANSI escape sequences. **Recommendations** For versions prior to 7.00, update to version 7.00 or later to resolve the issue. As a temporary workaround, consider restricting the use of WinRAR until a patch is applied. Avoid using WinRAR to open files from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WinRAR versions prior to 7.00 **Description** The issue is related to errors in processing input data in the ANSI Escape Sequence Handler component of the WinRAR file archiver. Exploitation of this issue may allow a remote attacker to cause a denial of service or spoof the screen output. This can be achieved via ANSI escape sequences. **Recommendations** For versions prior to 7.00, update to version 7.00 or later to resolve the issue. As a temporary workaround, consider disabling the use of ANSI escape sequences in WinRAR until a patch is applied. Restrict access to the ANSI Escape Sequence Handler component to minimize the risk of exploitation. Avoid using WinRAR on Linux and UNIX platforms until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9 **Description** The issue is related to the Windows Error Reporter in Mozilla Firefox, Firefox ESR, and Thunderbird on Windows operating systems. It involves errors in security settings, allowing a remote attacker to execute arbitrary code using a specially crafted web page. This could enable the attacker to run code on the system, escaping the sandbox. The issue only affects Windows operating systems, with other operating systems being unaffected. **Recommendations** For Firefox versions prior to 124, update to version 124 or later to resolve the issue. For Firefox ESR versions prior to 115.9, update to version 115.9 or later to resolve the issue. For Thunderbird versions prior to 115.9, update to version 115.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Visual Studio, which can allow an attacker to execute arbitrary code. This can potentially lead to remote code execution when processing corrupted PDB files, such as those handled by DiaSymReader.dll. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to insufficient input validation in Visual Studio, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code on the system. The vulnerability is associated with corrupted PDB files and the DiaSymReader.dll. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Visual Studio, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code on the system. The vulnerability is associated with the DiaSymReader.dll when reading a corrupted PDB file, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.