Yulin Sung

**Name of the Vulnerable Software and Affected Versions** VIPRE Antivirus Plus (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the `SetPrivateConfig` method due to the lack of proper validation of a user-supplied path prior to using it in file operations. This can be leveraged to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VIPRE Antivirus Plus (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the `DeleteHistoryFile` method, resulting from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VIPRE Antivirus Plus (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the `TelFileTransfer` method, where an attacker can abuse the method to delete arbitrary files by creating a symbolic link. This can be leveraged to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VIPRE Antivirus Plus (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the `FPQuarTransfer` method, where an attacker can abuse the method to delete arbitrary files by creating a symbolic link. This can be leveraged to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen versions 1.2.1.23 and prior **Description** The issue is related to a buffer overflow in memory due to improper restrictions of operations. This could allow an attacker to remotely execute arbitrary code. **Recommendations** For Delta Electronics DIAScreen versions 1.2.1.23 and prior, consider restricting access to the system until a patch is available to prevent potential exploitation. As a temporary workaround, consider disabling any functionality that may trigger the buffer overflow until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen versions 1.2.1.23 and prior **Description** The issue is related to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This is a result of a vulnerability in the development environment for industrial equipment control systems, specifically in the DIAScreen software. **Recommendations** For Delta Electronics DIAScreen versions 1.2.1.23 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen versions 1.2.1.23 and prior **Description** The issue is related to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. This is a result of a buffer overflow vulnerability in the DIAScreen development environment for industrial control system management. **Recommendations** For Delta Electronics DIAScreen versions 1.2.1.23 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.