Luca Barile

**Name of the Vulnerable Software and Affected Versions** Wacom Drivers for Windows (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the handling of the `WacomInstallI.txt` file by the `PrefUtil.exe` utility. The issue results from incorrect permissions on the `WacomInstallI.txt` file. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Wacom Drivers for Windows (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file, leveraging this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Wacom Driver version 6.3.46-1 **Description** The Wacom Driver for Windows contains an arbitrary file write issue via the Wacom Tablet.exe component. This allows for potential malicious activity. **Recommendations** For Wacom Driver version 6.3.46-1, consider disabling the Wacom Tablet.exe component until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel (affected versions not specified) **Description** The issue is related to incorrect clearing or release of resources in Microsoft Office packages. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.