Yong Chuan Koh

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insecure privilege management in the Windows Event Tracing service of the Windows operating system. It allows an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to the Windows Event Tracing service and is caused by inadequate access control. It allows an attacker to elevate their privileges. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 8.1, 10 (Gold, 1511, 1607, 1703), Windows Server 2012 (Gold and R2), Windows Server 2016, Windows RT 8.1 **Description** The issue arises from the Windows Uniscribe component's failure to properly handle objects in memory, leading to a remote code execution vulnerability. This can be exploited by remote attackers to execute arbitrary code on the system. The vulnerability is caused by an out-of-bounds operation in memory, resulting from incorrect handling of objects. **Recommendations** For Microsoft Windows versions 8.1, 10 (Gold, 1511, 1607, 1703), Windows Server 2012 (Gold and R2), Windows Server 2016, and Windows RT 8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to the way Microsoft Office handles objects in memory, allowing for remote code execution. An attacker could exploit this to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts with full user rights. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell iDRAC6 modular versions prior to 3.65 Dell iDRAC6 monolithic versions prior to 1.98 Dell iDRAC7 versions prior to 1.57.57 **Description** The issue is related to the IPMI 1.5 functionality, which does not properly select session ID values. This makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. **Recommendations** For Dell iDRAC6 modular versions prior to 3.65, update to version 3.65 or later. For Dell iDRAC6 monolithic versions prior to 1.98, update to version 1.98 or later. For Dell iDRAC7 versions prior to 1.57.57, update to version 1.57.57 or later.

**Name of the Vulnerable Software and Affected Versions** libssh versions prior to 0.5.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This occurs when no algorithm is matched during negotiations and a specific packet, "Client: Diffie-Hellman Key Exchange Init", is received. **Recommendations** For versions prior to 0.5.4, update to version 0.5.4 or later to resolve the issue.