Sim0Nsecurity

**Name of the Vulnerable Software and Affected Versions** Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11 **Description** An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege. **Recommendations** Update to version 6.6.11 or later.

**Name of the Vulnerable Software and Affected Versions** Zoom Rooms for Windows versions prior to 7.0.0 **Description** An untrusted search path in the installer allows an authenticated user with local access to achieve escalation of privilege. **Recommendations** Update to version 7.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Zoom Clients for Windows (affected versions not specified) **Description** An improper privilege management issue exists in certain Zoom Clients for Windows. An authenticated user with local access may be able to escalate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoom Clients for Windows (affected versions not specified) **Description** An improper check of the minimum version in the update functionality of certain Zoom Clients for Windows could allow an authenticated user to escalate privileges through local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoom Rooms for Windows versions prior to 6.6.5 **Description** An improper input validation issue exists in Zoom Rooms for Windows in Kiosk Mode. A user with existing authentication can potentially escalate privileges through local access. **Recommendations** Update Zoom Rooms for Windows to version 6.6.5 or later.

Name of the Vulnerable Software and Affected Versions: Zoom Workplace for Windows on ARM versions prior to 6.5.0 Description: Missing authorization in the installer may allow an authenticated user to conduct an escalation of privilege via local access. Recommendations: Update Zoom Workplace for Windows on ARM to version 6.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Zoom Clients for Windows (affected versions not specified) Description: A race condition exists in the installer for certain Zoom Clients for Windows. This may allow a local, unauthenticated user to compromise application integrity. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Visual Studio (affected versions not specified) Description: The issue concerns improper link resolution before file access, also known as 'link following', which allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft PC Manager (affected versions not specified) Description: The issue is related to improper link resolution before file access, also known as 'link following', which allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to improper link resolution before file access, also known as 'link following', in Microsoft Edge (Chromium-based). This allows an authorized attacker to elevate privileges locally. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft PC Manager (affected versions not specified) Description: The issue is related to improper link resolution before file access, also known as 'link following', in Microsoft PC Manager. This allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: The issue is related to improper access control, allowing an authorized attacker to elevate privileges locally. This can affect the system, potentially leading to further exploitation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Installer (affected versions not specified) Description: The issue is related to improper link resolution before file access, also known as 'link following', in Windows Installer. This allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to improper link resolution before file access, also known as 'link following', which allows an authorized attacker to elevate privileges locally. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) GPA versions prior to 2024.3 **Description** The issue is related to improper access control in Intel(R) GPA software, which may allow an authenticated user to potentially enable denial of service via local access. **Recommendations** For versions prior to 2024.3, update to version 2024.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Chipset Software Installation Utility versions prior to 10.1.19867.8574 **Description** The issue concerns an uncontrolled search path in some Intel(R) Chipset Software Installation Utility versions. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 10.1.19867.8574, update to version 10.1.19867.8574 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Battery Life Diagnostic Tool versions prior to 2.4.1 **Description** A time-of-check time-of-use race condition may allow an authenticated user to potentially enable escalation of privilege via local access. This issue affects some Intel(R) Battery Life Diagnostic Tool software. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Intel(R) Battery Life Diagnostic Tool software until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) DSA versions prior to 24.2.19.5 **Description** The issue is related to incorrect default permissions for some Intel(R) DSA installers for Windows, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 24.2.19.5, update to version 24.2.19.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) XTU versions prior to 7.14.2.14 **Description** The issue concerns an uncontrolled search path in the Intel(R) XTU software for Windows, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 7.14.2.14, update to version 7.14.2.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) DSA software versions prior to 23.4.39 **Description** The issue is related to insufficient verification of data authenticity in some Intel(R) DSA software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 23.4.39, update to version 23.4.39 or later to resolve the issue.