Scott Bell

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 Windows 8.1 Windows Server 2008 R2 **Description** The issue is related to improper handling of objects in memory by DirectX, which can lead to information disclosure. This can be exploited by an attacker using a specially crafted application to reveal protected information. **Recommendations** For Windows 7, update to a newer version that includes the fix for this issue. For Windows Server 2012 R2, apply the necessary patch to resolve the vulnerability. For Windows RT 8.1, Windows Server 2012, Windows 8.1, and Windows Server 2008 R2, ensure that all security updates are installed to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer version 11 **Description** A remote code execution issue exists due to improper memory object access in Internet Explorer. **Recommendations** For Internet Explorer version 11, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to the handling of objects in memory, which could allow a remote attacker to obtain confidential information from a process's memory using a specially crafted website. This could potentially be used to further compromise a target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) Microsoft Internet Explorer (affected versions not specified) Microsoft Windows (affected versions not specified) **Description** The issue is caused by a buffer overflow in the Chakra JavaScript engine of Microsoft Edge, allowing a remote attacker to execute arbitrary code or cause a denial of service by accessing a specially crafted website. The vulnerability can also corrupt memory when handling objects, enabling an attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could gain control of the system, install programs, view or modify data, or create new accounts with full user rights. **Recommendations** For Microsoft Edge, consider disabling the Chakra JavaScript engine as a temporary workaround until a patch is available. For Microsoft Internet Explorer, restrict access to the Array.splice method to minimize the risk of exploitation. For Microsoft Windows, avoid using the reverse method in JavaScript until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 38.0 Firefox ESR versions 31.x prior to 31.7 Thunderbird versions prior to 31.7 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption. This can be achieved via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. The vulnerability is related to the SetBreaks function. **Recommendations** For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later. For Firefox ESR versions 31.x prior to 31.7, update to version 31.7 or later. For Thunderbird versions prior to 31.7, update to version 31.7 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1 Microsoft Office 2007 SP3 Microsoft Office 2010 SP1 and SP2 Microsoft Live Meeting 2007 Console Microsoft Lync 2010 and 2013 Microsoft Lync 2010 Attendee Microsoft Lync Basic 2013 **Description** A remote code execution issue exists in the way affected components handle specially crafted font files. Exploitation of this issue allows remote code execution if a user opens a specially crafted file or webpage, enabling an attacker to gain complete control of the system. This control allows the attacker to install programs, view, change, or delete data, and create new accounts with full administrative rights. **Recommendations** For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows 8.1, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Microsoft Windows RT Gold and 8.1, update to a newer version to mitigate the risk. For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP1 and SP2, update to a newer version to mitigate the risk. For Microsoft Live Meeting 2007 Console, update to a newer version to mitigate the risk. For Microsoft Lync 2010 and 2013, update to a newer version to mitigate the risk. For Microsoft Lync 2010 Attendee, update to a newer version to mitigate the risk. For Microsoft Lync Basic 2013, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to memory handling errors in Internet Explorer, which can be exploited by an attacker to remotely execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to improper handling of user input data, specifically with CSS objects and memory access. This allows remote attackers to execute arbitrary code or cause a denial of service via a specially crafted website. The vulnerability is also described as a use-after-free error when accessing the ClayoutBlock object, which can lead to memory corruption and arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue is related to memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service. This is due to improper access to objects in memory, which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the current user. The vulnerability is also associated with a lack of input validation, which can be exploited by a remote attacker. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, consider disabling JavaScript or restricting access to potentially malicious websites as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 8 through 9 **Description** The issue is related to memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to improper access to objects in memory, which could corrupt memory and enable an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 8 and 9, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to improper memory access, which could lead to memory corruption. This allows an attacker to potentially execute arbitrary code in the context of the current user by exploiting the vulnerability through a specially crafted website. The vulnerability is also related to insufficient input validation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 8 through 9 **Description** A remote code execution issue exists due to improper memory object access, potentially leading to memory corruption. This could allow an attacker to execute arbitrary code in the context of the current user by visiting a crafted web site. **Recommendations** For Microsoft Internet Explorer versions 8 and 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 8 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This occurs because Internet Explorer improperly accesses an object in memory, potentially corrupting it in a way that enables an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer version 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 8 through 9 **Description** A remote code execution issue exists due to improper memory object access, potentially leading to memory corruption. This could allow an attacker to execute arbitrary code in the context of the current user. The issue can be triggered via a crafted web site. **Recommendations** For Microsoft Internet Explorer versions 8 and 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 8 **Description** A use-after-free issue allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer version 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Thunderbird versions prior to 17.0 SeaMonkey versions prior to 2.14 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via unspecified vectors in the str unescape function of the JavaScript engine. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 10.0 Firefox ESR versions 10.x before 10.0.3 Thunderbird versions 5.0 through 10.0 Thunderbird ESR versions 10.x before 10.0.3 SeaMonkey version before 2.8 **Description** The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the `IUnknown QueryService` function in the Windows shlwapi.dll library. **Recommendations** For Mozilla Firefox versions 4.x through 10.0, update to a version after 10.0. For Firefox ESR versions 10.x before 10.0.3, update to version 10.0.3 or later. For Thunderbird versions 5.0 through 10.0, update to a version after 10.0. For Thunderbird ESR versions 10.x before 10.0.3, update to version 10.0.3 or later. For SeaMonkey version before 2.8, update to version 2.8 or later.

**Name of the Vulnerable Software and Affected Versions** GenVersion.dll version 8.0.138.0 in ICONICS BizViz versions prior to 9.22 GenVersion.dll version 8.0.138.0 in GENESIS32 versions prior to 9.22 **Description** The issue is related to a stack-based buffer overflow in the SetActiveXGUID method within the VersionInfo ActiveX control. This can be exploited by remote attackers to execute arbitrary code by providing a long string in the argument. **Recommendations** For ICONICS BizViz versions prior to 9.22, update to version 9.22 or later. For GENESIS32 versions prior to 9.22, update to version 9.22 or later.