Wenguang Jiao

**Name of the Vulnerable Software and Affected Versions** HEVC Video Extensions (affected versions not specified) **Description** The issue concerns a remote code execution vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Excel. Exploitation of this issue may allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) **Description** The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Studio Photo version 3.6.6.931 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of JPM files due to the lack of proper validation of user-supplied data, resulting in a write past the end of an allocated structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Studio Photo version 3.6.6.931, consider disabling the JPM file parsing functionality until a patch is available to prevent exploitation. Restrict access to potentially malicious files or pages to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Studio Photo version 3.6.6.931 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of JP2 files due to the lack of proper validation of user-supplied data, resulting in a write past the end of an allocated structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Studio Photo version 3.6.6.931, consider disabling the JP2 file parsing functionality until a patch is available to prevent exploitation. Restrict access to potentially malicious files or web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Raw Image Extension (affected versions not specified) Description: The issue is related to incorrect code generation management in the Raw Image Extension plugin. It can be exploited by an attacker to execute arbitrary code using a specially crafted malicious web page or a specially crafted malicious file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Raw Image Extension (affected versions not specified) **Description** The issue is related to errors in data type conversion during the parsing of CR3 files by the Raw Image Extension plugin. This can be exploited by an attacker to execute arbitrary code using a specially crafted malicious web page or a specially crafted malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the incorrect handling of objects in memory by the Graphics Device Interface (GDI) component in Windows operating systems. This can be exploited by an attacker using a specially crafted application to gain unauthorized access to protected information. The vulnerability allows attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.