Voidsec

**Name of the Vulnerable Software and Affected Versions** MSI Center versions 1.0.31.0 and earlier **Description** The issue is related to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib X64.sys, WinRing0.sys, WinRing0x64.sys driver components. These vulnerabilities can be triggered by sending specific IOCTL requests. **Recommendations** For MSI Center version 1.0.31.0 and earlier, update to a version later than 1.0.31.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable driver components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Micro-Star International (MSI) Center Pro version 2.0.16.0 and earlier **Description** The issue concerns multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib X64.sys, WinRing0.sys, and WinRing0x64.sys driver components. These vulnerabilities can be triggered by sending specific IOCTL requests. **Recommendations** For Micro-Star International (MSI) Center Pro version 2.0.16.0 and earlier, consider updating to a version later than 2.0.16.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable driver components until a patch is available. Avoid sending specific IOCTL requests to the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib X64.sys, WinRing0.sys, and WinRing0x64.sys drivers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Clementine Music Player versions prior to 1.3.1 (when a GLib 2.0.0 DLL is used) **Description** The issue affects the MP3 file parsing functionality, specifically at `memcpy+0x265`, and is triggered when a user opens a crafted MP3 file or loads a remote stream URL that is mishandled. This can cause a crash of the `clementine.exe` process or potentially allow arbitrary code execution in the context of the current logged-in Windows user. **Recommendations** For Clementine Music Player versions prior to 1.3.1, consider avoiding the use of crafted MP3 files or remote stream URLs until a fix is available. As a temporary workaround, restrict the handling of MP3 files and remote streams to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ballistix MOD Utility versions 2.0.2.5 and earlier **Description** The issue is related to a privilege escalation vulnerability in the MODAPI.sys driver component. It is triggered by sending a specific IOCTL request, allowing low-privileged users to directly interact with physical memory via the `MmMapIoSpace` function call, which maps physical memory into a virtual address space. This could enable attackers to achieve local privilege escalation to NT AUTHORITYSYSTEM. The vulnerability is associated with inadequate access control in the `MmMapIoSpace` function. **Recommendations** For Ballistix MOD Utility versions 2.0.2.5 and earlier, as a temporary workaround, consider disabling the `MmMapIoSpace` function until a patch is available. Restrict access to the MODAPI.sys driver component to minimize the risk of exploitation. Avoid using the IOCTL request that triggers the vulnerability in the affected driver component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clementine Music Player versions prior to 1.3.2 **Description** The issue is related to a User Mode Write Access Violation in the MP3 file parsing functionality. It is triggered when a user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. This could allow attackers to cause a crash of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. The vulnerability is also associated with a pointer dereference error when loading MP3 files, which can lead to a denial of service or arbitrary code execution. **Recommendations** For Clementine Music Player versions prior to 1.3.2, update to a version later than 1.3.1 to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MP3 files or remote stream URLs that could trigger the vulnerability. Restrict access to the MP3 file parsing functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager Version 5 Release 2 Description: The issue concerns a stack buffer overflow that can be exploited through the `id` parameter when used in interactive mode. This exploitation is limited by a maximum number of characters and cannot be exploited in batch or command line usage, such as through commands like `dsmadmc.exe -id=username -password=pwd`. It's noted that this vulnerability affects products that are no longer supported by the maintainer. Recommendations: For IBM Tivoli Storage Manager Version 5 Release 2, as a temporary workaround, consider restricting the use of the `id` parameter in interactive mode to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer versions <= 7.5 **Description** The issue is a Stack-based Buffer Overflow affecting the CUR file parsing functionality, specifically the BITMAPINFOHEADER Structure and the 'BitCount' file format field. This can lead to corruption of the Structure Exception Handler (SEH), allowing attackers to achieve code execution when a user opens or views a malformed or specially crafted CUR file. **Recommendations** For FastStone Image Viewer versions <= 7.5, consider avoiding the use of the CUR file parsing functionality until a patch is available. As a temporary workaround, restrict the opening or viewing of CUR files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer versions <= 7.5 **Description** The issue is triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe, resulting in a user mode write access violation near NULL at 0x005bdfcb. This could be exploited for a Denial of Service (DoS) or possibly to achieve code execution. **Recommendations** For FastStone Image Viewer versions <= 7.5, avoid opening or viewing malformed CUR files until a patch is available. As a temporary workaround, consider restricting the use of FSViewer.exe to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer versions prior to 7.6 **Description** The issue arises from a user mode write access violation at 0x00402d8a when FSViewer.exe mishandles a malformed CUR file. This can occur when a user opens or views such a file. The exploitation of this issue could lead to a Denial of Service (DoS) or potentially allow for code execution. **Recommendations** For FastStone Image Viewer versions prior to 7.6, update to version 7.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer versions prior to 7.6 **Description** The issue arises when a user opens or views a malformed CUR file, which is mishandled by FSViewer.exe, leading to a user mode write access violation. This could potentially be exploited for a Denial of Service (DoS) or possibly to achieve code execution. **Recommendations** For FastStone Image Viewer versions prior to 7.6, update to version 7.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of malformed CUR files until a patch is applied. Restrict access to untrusted image files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer versions 7.5 and earlier **Description** The issue is triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe, resulting in a user mode write access violation at 0x00402d7d. This could be exploited for a Denial of Service (DoS) or possibly to achieve code execution. **Recommendations** For FastStone Image Viewer versions 7.5 and earlier, avoid opening or viewing malformed CUR files until a patch is available. As a temporary workaround, consider restricting the use of FSViewer.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JamoDat TSMManager Collector version up to 6.5.0.21 **Description** The issue is related to an Authorization Bypass in the Collector component, which does not properly validate an authenticated session with the Viewer. If the Viewer has been modified and the Bypass Login functionality is used, an attacker can access various Collector functionalities as if they were a properly logged-in user. This includes administrating connected instances, reviewing logs, editing configurations, accessing instances' consoles, and accessing hardware configurations. However, exploiting this issue will not grant an attacker access or control over remote ISP servers, as no credentials are sent with the request. **Recommendations** For JamoDat TSMManager Collector version up to 6.5.0.21, consider disabling the Bypass Login functionality in the Viewer to prevent unauthorized access until a patch is available. Restrict access to the Collector component to minimize the risk of exploitation. Avoid using modified or binary-patched Viewer versions to prevent potential bypassing of authentication mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opera version 51.0.2830.55 **Description** The issue allows a website to gather complete client information, potentially disclosing a private IP address in a STUN request after visiting a site, such as https://ip.voidsec.com, that attempts to collect this information. **Recommendations** For Opera version 51.0.2830.55, consider disabling WebRTC as a temporary workaround until a patch is available.