Taviso

**Name of the Vulnerable Software and Affected Versions** uTorrent (affected versions not specified) **Description** A critical issue has been found in uTorrent, affecting some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. **Recommendations** It is recommended to upgrade the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent Web (affected versions not specified) **Description** A critical issue has been found, affecting an unknown functionality of the HTTP RPC Server component, which can lead to privilege escalation. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent (affected versions not specified) **Description** A critical issue has been found in uTorrent, affecting an unknown part of the software. The manipulation of this issue leads to memory corruption and can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent (affected versions not specified) **Description** A critical issue was found in uTorrent, affecting the PRNG component, which leads to weak authentication. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript versions 9.25 and earlier **Description** The issue is related to an incomplete fix for a previous problem, allowing attackers to bypass a sandbox protection mechanism. This is due to insufficient access control in the Sandbox Protection Mechanism component of the Ghostscript software suite, which can be exploited by a local attacker to bypass the sandbox protection and execute arbitrary code. **Recommendations** For Artifex Ghostscript versions 9.25 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue arises from the improper handling of window broadcast messages by the Windows kernel, allowing local users to gain privileges via a crafted application. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNU Debugger (GDB) version 6.5 gdb package version 6.3.0.0 Description: The issue is related to a buffer overflow in the debugging code of GNU Debugger (GDB), specifically in the DWARF and DWARF2 debugging code. This allows attackers to execute arbitrary code via a crafted file with a location block that contains a large number of operations. The vulnerability can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Recommendations: For GNU Debugger (GDB) version 6.5, consider updating to a newer version to mitigate the risk. For gdb package version 6.3.0.0, update to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the debugging functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions: GnuPG versions prior to 1.4.2.2 Description: The issue concerns the verification of non-detached signatures. Attackers can inject unsigned data via a data packet not associated with a control packet. This causes the check for concatenated signatures to incorrectly report the signature as valid. Recommendations: For versions prior to 1.4.2.2, update to version 1.4.2.2 or later to resolve the issue.