Honggang Ren

**Name of the Vulnerable Software and Affected Versions** VMware Tools for Windows versions 11.x.y prior to 11.3.0 **Description** The issue is related to a denial-of-service vulnerability in the VM3DMP driver of VMware Tools for Windows. This vulnerability can be triggered by a malicious actor with local user privileges in the Windows guest operating system, leading to a denial-of-service condition. The vulnerability exists due to insufficient input validation in the VM3DMP driver, allowing an attacker to cause a denial-of-service. **Recommendations** For versions 11.x.y prior to 11.3.0, update to version 11.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the VM3DMP driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst Notebook versions 9.2.0 through 9.2.1 **Description** The issue is related to a memory corruption, specifically a buffer overflow, which could allow an attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted file. The exploitation of this issue may enable a remote attacker to execute arbitrary code. **Recommendations** For versions 9.2.0 and 9.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst's Notebook versions 9.2.0 through 9.2.1 **Description** The issue is related to a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code. This can be achieved by persuading a victim to open a specially-crafted file, thereby exploiting the vulnerability to execute arbitrary code on the system. **Recommendations** For versions 9.2.0 and 9.2.1, update to a version that contains a fix for this issue to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst's Notebook versions 9.2.0 through 9.2.1 **Description** The issue is related to a memory buffer overflow in the IBM i2 Analyst's Notebook tool. Exploitation of this issue could allow an attacker to execute arbitrary code by using a specially crafted file. An attacker could persuade a victim to open this file, thereby executing arbitrary code on the system. **Recommendations** For versions 9.2.0 and 9.2.1, consider avoiding the use of specially crafted files until a patch is available. As a temporary workaround, restrict access to files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst Notebook version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, resulting in the execution of arbitrary code on the system. **Recommendations** For IBM i2 Analyst Notebook version 9.2.1, consider avoiding the use of files from untrusted sources until a fix is available. As a temporary workaround, restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst Notebook versions 9.2.1 through 9.2.2 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, resulting in the execution of arbitrary code on the system. **Recommendations** For versions 9.2.1 and 9.2.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst Notebook version 9.2.1 **Description** The issue is caused by a memory corruption that could allow a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, which would then enable the execution of arbitrary code on the system. **Recommendations** For IBM i2 Analyst Notebook version 9.2.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst Notebook versions 9.2.1 through 9.2.2 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, resulting in the execution of arbitrary code on the system. **Recommendations** For versions 9.2.1 and 9.2.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst's Notebook versions 9.2.1 through 9.2.2 **Description** The issue is caused by a buffer overflow in dynamic memory, which can be exploited by an attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted file. **Recommendations** For versions 9.2.1 and 9.2.2, consider avoiding the use of specially-crafted files until a patch is available. As a temporary workaround, restrict access to files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Analyst Notebook versions 9.2.1 through 9.2.2 **Description** The issue is caused by a memory corruption, specifically a buffer overflow in dynamic memory, which could allow a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, thereby executing arbitrary code on the system. **Recommendations** For versions 9.2.1 and 9.2.2, consider restricting access to files from untrusted sources to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted file. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider restricting access to files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid opening specially-crafted files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analysis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, resulting in the execution of arbitrary code on the system. **Recommendations** For IBM i2 Intelligent Analysis Platform version 9.2.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted file. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider restricting access to files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid opening specially-crafted files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted file, resulting in the execution of arbitrary code on the system. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted file. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider restricting access to files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid opening specially-crafted files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by memory corruption, allowing a remote attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted document, potentially executing arbitrary code with the victim's privileges or causing the application to crash. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, update to a version that fixes the memory corruption issue to prevent remote attackers from executing arbitrary code on the system. As a temporary workaround, consider restricting the ability to open specially-crafted documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM SDK, Java Technology Edition versions 7.0.0.0 through 7.0.10.55 IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.4.55 IBM SDK, Java Technology Edition versions 8.0.0.0 through 8.0.6.0 **Description** The issue is related to a DLL search order hijacking vulnerability in Microsoft Windows client. This could allow a local authenticated attacker to execute arbitrary code on the system by placing a specially-crafted file in a compromised folder. **Recommendations** For versions 7.0.0.0 through 7.0.10.55, update to a version outside of this range to mitigate the risk. For versions 7.1.0.0 through 7.1.4.55, update to a version outside of this range to mitigate the risk. For versions 8.0.0.0 through 8.0.6.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to compromised folders to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 IBM i2 Analyst's Notebook (affected versions not specified) **Description** The issue is caused by a memory corruption error, which could allow a remote attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted document, potentially allowing the attacker to execute arbitrary code with the privileges of the victim or cause the application to crash. The vulnerability is also related to a buffer overflow operation in memory, which may enable an attacker to cause a denial of service or execute arbitrary code using a specially created file with the ANB extension. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For IBM i2 Analyst's Notebook: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to errors in handling objects in memory within the Microsoft Office Access Connectivity Engine component of the Microsoft Office package. This can allow an attacker to execute arbitrary code on a victim system by using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is caused by a buffer overflow in the Windows Jet Database Engine component of the Windows operating system. This can be exploited by an attacker using a specially crafted file, potentially allowing them to execute arbitrary code. Remote attackers may also be able to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.