Kasif Dekel

**Name of the Vulnerable Software and Affected Versions** Microsoft Defender for IoT (affected versions not specified) **Description** The issue is related to incorrect code generation management in Microsoft Defender for IoT, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Defender for IoT (affected versions not specified) **Description** The issue is related to insufficient access control in Microsoft Defender for IoT, which can be exploited to elevate privileges in the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amzetta zPortal DVM Tools versions 3.3.148.148 and earlier **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to an Integer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For Amzetta zPortal DVM Tools versions 3.3.148.148 and earlier, consider disabling the IOCTL Handler 0x22001B as a temporary workaround until a patch is available. Restrict access to the affected handler to minimize the risk of exploitation. Avoid using specially crafted I/O Request Packets in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces agent versions prior to 1.0.1.1537 Description: The issue is related to an Integer Overflow in the Amazon WorkSpaces agent. It affects the IOCTL Handler 0x22001B, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packets. Recommendations: For versions prior to 1.0.1.1537, update to version 1.0.1.1537 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces agent versions prior to 1.0.1.1537 Description: The issue is related to a Buffer Overflow in the Amazon WorkSpaces agent. It affects the IOCTL Handler 0x22001B, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service, such as memory corruption and OS crash, via specially crafted I/O Request Packets. Recommendations: For versions prior to 1.0.1.1537, update to version 1.0.1.1537 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks DVM Tools versions prior to 3.3.1.105 **Description** A Buffer Overflow issue exists, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22001B is involved in this issue, potentially leading to memory corruption and OS crash. **Recommendations** For versions prior to 3.3.1.105, update to version 3.3.1.105 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks DVM Tools versions prior to 3.3.1.105 **Description** An Integer Overflow issue exists, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22001B is affected, potentially leading to memory corruption and OS crash. **Recommendations** For versions prior to 3.3.1.105, update to version 3.3.1.105 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks Windows Client versions prior to 3.2.8.200 **Description** A Buffer Overflow issue exists, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22001B is involved in this issue, potentially leading to memory corruption and OS crash. **Recommendations** For versions prior to 3.2.8.200, update to version 3.2.8.200 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks DVM Tools versions prior to 3.3.1.105 **Description** An Integer Overflow issue exists, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22005B is affected, potentially leading to memory corruption and OS crashes. **Recommendations** For versions prior to 3.3.1.105, update to version 3.3.1.105 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22005B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks Windows Client versions prior to 3.2.8.200 **Description** An Integer Overflow exists in the Accops HyWorks Windows Client, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22001B is affected, potentially leading to memory corruption and OS crash. **Recommendations** For versions prior to 3.2.8.200, update to version 3.2.8.200 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks Windows Client versions prior to 3.2.8.200 **Description** A Buffer Overflow issue exists, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22005B is vulnerable, potentially leading to memory corruption and OS crash. **Recommendations** For versions prior to 3.2.8.200, update to version 3.2.8.200 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22005B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accops HyWorks Windows Client versions prior to 3.2.8.200 **Description** An Integer Overflow issue exists, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service via specially crafted I/O Request Packets. The IOCTL Handler 0x22005B is affected, potentially leading to memory corruption and OS crash. **Recommendations** For versions prior to 3.2.8.200, update to version 3.2.8.200 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22005B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Server versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, such as memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For NoMachine Server versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Server versions 4.0.347 through 7.7.3 **Description** The issue is related to an Integer Overflow in the NoMachine Server. Specifically, the IOCTL Handler 0x22001B is vulnerable, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packets. **Recommendations** For versions 4.0.347 through 7.7.3, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Enterprise Desktop versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Enterprise Desktop versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to an Integer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Cloud Server versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to an Integer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For NoMachine Cloud Server versions 4.0.346 through 7.7.4, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Cloud Server versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, such as memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Enterprise Client versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoMachine Enterprise Client versions 4.0.346 through 7.7.4 **Description** The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to an Integer Overflow in the IOCTL Handler 0x22001B. **Recommendations** For versions 4.0.346 through 7.7.4, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.