Jeongmin Choi

**Name of the Vulnerable Software and Affected Versions** Verizon IMS (affected versions not specified) **Description** The SIP signaling stack implements SIP signaling without IPsec integrity protection, specifically lacking Security-Client/Security-Server headers and ESP traffic. This allows an on-path attacker to compromise the confidentiality, integrity, and authenticity of VoLTE signaling through passive monitoring and active manipulation of unsecured SIP messages over the radio and core network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook versions 2016 Microsoft Office versions 2019 through 2024 **Description** The issue allows remote attackers to execute arbitrary code and affect the system. It is reported that this issue has been patched by Microsoft with the aid of external researchers. **Recommendations** For Microsoft Outlook version 2016, apply the patch provided by Microsoft. For Microsoft Office versions 2019 through 2024, apply the patch provided by Microsoft. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions prior to the fixed version Microsoft 365 Apps for Enterprise versions prior to the fixed version **Description** The issue is related to the use of an unreliable path search in Microsoft Office and Microsoft 365 Apps for Enterprise. This allows an attacker to execute arbitrary code. The vulnerability affects Word, PowerPoint, and Outlook. It is described as a logic bug that includes built-in process control and built-in PV bypass. **Recommendations** For Microsoft Office versions prior to the fixed version, update to the fixed version to resolve the issue. For Microsoft 365 Apps for Enterprise versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting the use of built-in processes and PV until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Walrus versions before 72c7230f32a0b791355bbdfc78669701024b0956 **Description** The issue is related to an Improper Validation of Array Index in the Samsung Open Source Walrus Webassembly runtime engine, which can cause a segmentation fault. **Recommendations** For versions before 72c7230f32a0b791355bbdfc78669701024b0956, update to a version after 72c7230f32a0b791355bbdfc78669701024b0956 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** escargot version 4.0.0 **Description** The issue is related to an Improper Input Validation vulnerability in the Samsung Open Source escargot JavaScript engine, which allows Overflow Buffers. However, it is noted that this issue occurs in the test code and is not included in the release. **Recommendations** For escargot version 4.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.