Heechan Kim

**Name of the Vulnerable Software and Affected Versions** Samsung Live Wallpaper PC versions prior to 3.3.8.0 **Description** The issue allows for arbitrary directory creation, which can be exploited by an attacker. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not provided. **Recommendations** For versions prior to 3.3.8.0, update to version 3.3.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Caphyon Advanced Installer version 19.7 **Description** A critical vulnerability has been found in the WinSxS DLL Handler component of Caphyon Advanced Installer. The manipulation leads to an uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public. **Recommendations** For Caphyon Advanced Installer version 19.7, upgrade to version 19.7.1 to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider restricting access to the WinSxS DLL Handler until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Camera versions prior to 11.0.16.43 in Android 11 Camera versions 12.0.07.53 through 12.1.03.10 in Android 12 Camera versions 13.0.01.43 through 13.1.00.83 in Android 13 **Description** The issue allows a local attacker to access specific files due to an implicit intent hijacking vulnerability in the Camera application. **Recommendations** For versions prior to 11.0.16.43 in Android 11, update to version 11.0.16.43 or later. For versions 12.0.07.53 through 12.1.03.10 in Android 12, update to a version later than 12.1.03.10. For versions 13.0.01.43 through 13.1.00.83 in Android 13, update to a version later than 13.1.00.83. As a temporary workaround, consider restricting access to the Camera application until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Panda Security VPN for Windows versions prior to 15.14.8 **Description** A DLL hijacking issue allows attackers to execute arbitrary code by placing a crafted DLL file in the same directory as the executable. **Recommendations** For versions prior to 15.14.8, update to version 15.14.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Smart Switch for Windows Installer versions prior to 4.3.23043 3 **Description** The issue is related to improper privilege management, allowing attackers to cause permanent denial of service (DoS) via directory junction. **Recommendations** For versions prior to 4.3.23043 3, update to version 4.3.23043 3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Asus Aura Sync versions through v1.07.79 **Description** The issue concerns the MsIo64.sys component, which does not properly validate input to certain IOCTL requests, specifically 0x80102040, 0x80102044, 0x80102050, and 0x80102054. This allows attackers to trigger memory corruption, potentially causing a Denial of Service (DoS) or escalating privileges via crafted IOCTL requests. **Recommendations** For Asus Aura Sync versions through v1.07.79, consider disabling the MsIo64.sys component until a patch is available to prevent potential exploitation. Restrict access to the vulnerable IOCTL requests to minimize the risk of memory corruption and subsequent DoS or privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Samsung Gear IconX PC Manager versions prior to 2.1.221019.51 **Description** The issue is related to insufficient verification of data authenticity, allowing local attackers to create arbitrary files using symbolic links. This can be exploited by attackers to potentially cause harm. **Recommendations** For versions prior to 2.1.221019.51, update to version 2.1.221019.51 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Smart Switch PC versions prior to 4.3.22083 3 **Description** The issue allows an attacker to execute arbitrary code through a DLL hijacking vulnerability. **Recommendations** For versions prior to 4.3.22083 3, update to version 4.3.22083 3 or later to resolve the issue.