Paolo Stagno

**Name of the Vulnerable Software and Affected Versions** Ballistix MOD Utility versions 2.0.2.5 and earlier **Description** The issue is related to a privilege escalation vulnerability in the MODAPI.sys driver component. It is triggered by sending a specific IOCTL request, allowing low-privileged users to directly interact with physical memory via the `MmMapIoSpace` function call, which maps physical memory into a virtual address space. This could enable attackers to achieve local privilege escalation to NT AUTHORITYSYSTEM. The vulnerability is associated with inadequate access control in the `MmMapIoSpace` function. **Recommendations** For Ballistix MOD Utility versions 2.0.2.5 and earlier, as a temporary workaround, consider disabling the `MmMapIoSpace` function until a patch is available. Restrict access to the MODAPI.sys driver component to minimize the risk of exploitation. Avoid using the IOCTL request that triggers the vulnerability in the affected driver component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GeForce Experience versions prior to 3.22 **Description** The issue concerns a vulnerability in GameStream plugins where log files are created using NT/System level permissions. This may lead to code execution, denial of service, or local privilege escalation. However, the attacker does not have control over the consequence of a modification, nor would they be able to leak information as a direct result of the overwrite. **Recommendations** For versions prior to 3.22, update to version 3.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the GameStream plugins until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer versions <= 7.5 **Description** The issue is a Stack-based Buffer Overflow affecting the CUR file parsing functionality, specifically the BITMAPINFOHEADER Structure and the 'BitCount' file format field. This can lead to corruption of the Structure Exception Handler (SEH), allowing attackers to achieve code execution when a user opens or views a malformed or specially crafted CUR file. **Recommendations** For FastStone Image Viewer versions <= 7.5, consider avoiding the use of the CUR file parsing functionality until a patch is available. As a temporary workaround, restrict the opening or viewing of CUR files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HPE OpenCall Media Platform (OCMP) versions prior to 3.4.2 RP201 HPE OpenCall Media Platform (OCMP) versions prior to 4.4.7 RP702 Description: A Remote Code Execution issue was found in HPE OpenCall Media Platform (OCMP). Recommendations: For versions prior to 3.4.2 RP201, update to version 3.4.2 RP201 or later. For versions prior to 4.4.7 RP702, update to version 4.4.7 RP702 or later.

Name of the Vulnerable Software and Affected Versions: HPE OpenCall Media Platform (OCMP) versions prior to 3.4.2 RP201 HPE OpenCall Media Platform (OCMP) versions prior to 4.4.7 RP702 Description: A Remote Code Execution issue was discovered in HPE OpenCall Media Platform (OCMP). Recommendations: For versions prior to 3.4.2 RP201, update to version 3.4.2 RP201 or later. For versions prior to 4.4.7 RP702, update to version 4.4.7 RP702 or later.