Jihui Lu

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 13 Apple iTunes for Windows versions prior to 12.10.1 Apple iCloud for Windows versions prior to 10.7 and 7.14 **Description** The issue arises from memory corruption, potentially allowing attackers to execute arbitrary code when processing maliciously crafted web content. This can lead to arbitrary code execution. **Recommendations** For Apple tvOS versions prior to 13, update to tvOS 13 or later. For Apple iTunes for Windows versions prior to 12.10.1, update to iTunes for Windows 12.10.1 or later. For Apple iCloud for Windows versions prior to 10.7 and 7.14, update to iCloud for Windows 10.7 or 7.14 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and can be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is associated with a buffer overflow in the WebKit display module. A remote attacker could exploit this issue by using a specially crafted web page to execute arbitrary code. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is associated with a buffer overflow in the WebKit display module. A remote attacker can exploit this issue using a specially crafted web page. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 12.1.2 iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to a buffer overflow in the WebKit display module, which can be exploited by a remote attacker using a specially crafted web page, potentially leading to arbitrary code execution. The problem arises from memory corruption issues, which have been addressed with improved memory handling. **Recommendations** For Safari versions prior to 12.1.2, update to version 12.1.2 or later. For iOS versions prior to 12.4, update to version 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to version 10.14.6 or later. For tvOS versions prior to 12.4, update to version 12.4 or later. For iTunes for Windows versions prior to 12.9.6, update to version 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to version 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer 11 Microsoft Edge Internet Explorer 10 **Description** A remote code execution issue exists due to the way Microsoft browsers access objects in memory. This could allow an attacker to execute arbitrary code in the context of the current user by corrupting memory. If the current user has administrative rights, the attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Internet Explorer 11, update to a version that includes the fix for this issue. For Microsoft Edge, apply the necessary security updates to resolve the vulnerability. For Internet Explorer 10, ensure all security patches are applied to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An information disclosure issue exists due to Microsoft Edge's improper handling of objects in memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** A remote code execution issue exists due to improper memory object access in Microsoft Edge, potentially allowing an attacker to execute arbitrary code in the context of the current user. This could lead to an attacker gaining the same user rights as the current user. If the current user has administrative rights, the attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An information disclosure issue exists due to Microsoft Edge's improper handling of objects in memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 iCloud for Windows versions prior to 7.5 watchOS versions prior to 4.3.1 iTunes for Windows versions prior to 12.7.5 macOS High Sierra versions prior to 10.13.5 **Description** An out-of-bounds read issue was addressed through improved input validation. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For iCloud for Windows versions prior to 7.5, update to version 7.5 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later. For iTunes for Windows versions prior to 12.7.5, update to version 12.7.5 or later. For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1 Microsoft Windows 10 Microsoft Office 2007 SP3 and 2010 SP2 Microsoft Live Meeting 2007 Console Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Lync 2013 SP1 Microsoft Lync Basic 2013 SP1 Microsoft Silverlight before 5.1.40728 **Description** A remote code execution issue exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this issue could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows 8.1, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Microsoft Windows RT Gold and 8.1, update to a newer version to mitigate the risk. For Microsoft Windows 10, update to a newer version to mitigate the risk. For Microsoft Office 2007 SP3 and 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Live Meeting 2007 Console, update to a newer version to mitigate the risk. For Microsoft Lync 2010, update to a newer version to mitigate the risk. For Microsoft Lync 2010 Attendee, update to a newer version to mitigate the risk. For Microsoft Lync 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Lync Basic 2013 SP1, update to a newer version to mitigate the risk. For Microsoft Silverlight before 5.1.40728, update to version 5.1.40728 or later to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player (affected versions not specified) Adobe AIR (affected versions not specified) Adobe AIR SDK (affected versions not specified) Adobe AIR SDK & Compiler (affected versions not specified) **Description** The issue allows remote attackers to bypass file system write operation restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 13.0.0.289 Adobe Flash Player versions 14.x through 17.x before 17.0.0.188 Adobe Flash Player version prior to 11.2.202.460 on Linux Adobe AIR versions prior to 17.0.0.172 Adobe AIR SDK versions prior to 17.0.0.172 Adobe AIR SDK & Compiler versions prior to 17.0.0.172 **Description** A race condition in Adobe Flash Player and Adobe AIR allows attackers to bypass the Internet Explorer Protected Mode protection mechanism. This issue can be exploited via unspecified vectors. **Recommendations** For Adobe Flash Player versions prior to 13.0.0.289, update to version 13.0.0.289 or later. For Adobe Flash Player versions 14.x through 17.x, update to version 17.0.0.188 or later. For Adobe Flash Player version prior to 11.2.202.460 on Linux, update to version 11.2.202.460 or later. For Adobe AIR versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK & Compiler versions prior to 17.0.0.172, update to version 17.0.0.172 or later.