Void

**Name of the Vulnerable Software and Affected Versions** voidtools Everything versions prior to 1.4.1 Beta Nightly 2020-08-18 **Description** The issue allows privilege escalation via a Trojan horse `urlmon.dll` file in the installation directory. This is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error. **Recommendations** For versions prior to 1.4.1 Beta Nightly 2020-08-18, update to version 1.4.1 Beta Nightly 2020-08-18 or later to resolve the issue. As a temporary workaround, consider restricting write access to the installation directory to prevent low-privileged users from exploiting this issue.

**Name of the Vulnerable Software and Affected Versions** Beijing KingSoft Antivirus Online Update Module version 2007.12.29.29 **Description** The issue is related to a heap-based buffer overflow in the KUpdateObj2 Class ActiveX control. This occurs when a long argument is passed to the `SetUninstallName` method, allowing remote attackers to execute arbitrary code. **Recommendations** For version 2007.12.29.29, consider disabling the `SetUninstallName` method in the KUpdateObj2 Class ActiveX control until a patch is available. Restrict access to the UpdateOcx2.dll module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mercury/32 version 4.52 **Description** A stack-based buffer overflow issue in the IMAPD component allows remote authenticated users to execute arbitrary code by providing a long argument in a SEARCH ON command. **Recommendations** For Mercury/32 version 4.52, consider restricting access to the IMAPD component until a fix is available, and avoid using long arguments in SEARCH ON commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: GlobalLink version 2.7.0.8 Description: The issue is related to multiple heap-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through a long eighth argument to the `SetInfo` method in a certain ActiveX control in `glItemCom.dll` or a long second argument to the `SetClientInfo` method in a certain ActiveX control in `glitemflat.dll`. Recommendations: For GlobalLink version 2.7.0.8, consider disabling the `SetInfo` and `SetClientInfo` methods in the affected ActiveX controls until a patch is available. Restrict access to the `glItemCom.dll` and `glitemflat.dll` modules to minimize the risk of exploitation. Avoid using long arguments in the `SetInfo` and `SetClientInfo` methods until the issue is resolved.