Hearmen

**Name of the Vulnerable Software and Affected Versions** Duo versions prior to SMR Oct-2023 Release 1 **Description** The issue is related to improper input validation, allowing local attackers to launch privileged activities. This can be exploited by local attackers. **Recommendations** For versions prior to SMR Oct-2023 Release 1, update to the SMR Oct-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HDCP trustlet versions prior to SMR Oct-2023 Release 1 **Description** The issue is a stack-based buffer overflow that allows local privileged attackers to perform code execution. This can be exploited by attackers to execute malicious code. **Recommendations** For versions prior to SMR Oct-2023 Release 1, update to SMR Oct-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HDCP trustlet to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Settings Suggestions versions prior to SMR Sep-2023 Release 1 **Description** The issue is related to improper input validation, which allows attackers to launch arbitrary activity. **Recommendations** For versions prior to SMR Sep-2023 Release 1, update to SMR Sep-2023 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue is related to a parcel mismatch in AuthenticationConfig, which allows a local attacker to perform privilege escalation. This issue affects versions prior to the SMR Aug-2023 Release 1. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EnhancedAttestationResult versions prior to SMR Jul-2023 Release 1 **Description** The issue is related to improper input validation, allowing local attackers to launch privileged activities. **Recommendations** For versions prior to SMR Jul-2023 Release 1, update to SMR Jul-2023 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SCEPProfile versions prior to SMR Jul-2023 Release 1 **Description** The issue is related to improper input validation, allowing local attackers to launch privileged activities. **Recommendations** For versions prior to SMR Jul-2023 Release 1, update to SMR Jul-2023 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the way the scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user by using a specially crafted web page. If the current user has administrative rights, a successful exploitation could give the attacker control over the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.