Zeze

**Name of the Vulnerable Software and Affected Versions** MSP360 Free Backup (affected versions not specified) **Description** A local attacker can escalate privileges on affected installations of MSP360 Free Backup. The attacker must first have the ability to execute low-privileged code on the target system. Administrator interaction is also required. The issue resides within the restore functionality, where an attacker can create a junction and abuse the service to create arbitrary files, leading to privilege escalation and arbitrary code execution in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AOMEI Backupper Workstation (affected versions not specified) Description: A local privilege escalation issue exists in AOMEI Backupper Workstation due to a link following flaw. This allows an attacker to gain elevated privileges on a compromised system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Cleaner One Pro (affected versions not specified) Description: Trend Micro Cleaner One Pro is susceptible to a privilege escalation issue. A local attacker may unintentionally delete privileged Trend Micro files, including its own program files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 2BrightSparks SyncBackFree (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system and have user interaction from an administrator to exploit this flaw. The specific flaw exists within the Mirror functionality, where an attacker can create a junction to abuse the service and delete arbitrary files, potentially escalating privileges and executing arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files, resulting from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files, resulting from the lack of proper validation of user-supplied data. This can lead to a write past the end of an allocated buffer, allowing an attacker to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FastStone Image Viewer (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files, resulting from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Windscribe (affected versions not specified) **Description** The issue is related to a directory traversal vulnerability in the Windscribe Service, which can be exploited by local attackers to escalate privileges on affected installations of Windscribe. This can be achieved by leveraging the lack of proper validation of a user-supplied path prior to using it in file operations, allowing an attacker to execute arbitrary code in the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to insufficient access restrictions in Microsoft Visual Studio, allowing an attacker to elevate their privileges using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD Ryzen Master (affected versions not specified) **Description** The issue is related to insufficient validation of the IOCTL input buffer in AMD Ryzen Master, which may allow a privileged attacker to provide a null value, potentially resulting in a Windows crash and denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD Ryzen Master (affected versions not specified) **Description** Insufficient validation in the IOCTL input buffer may permit a privileged attacker to perform memory reads/writes, potentially leading to a loss of confidentiality or arbitrary kernel execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD μProf (affected versions not specified) **Description** Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address, potentially resulting in a Windows crash leading to denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD μProf (affected versions not specified) **Description** The issue is related to insufficient validation of the IOCTL input buffer in AMD μProf, which may allow an authenticated user to send an arbitrary buffer, potentially resulting in a Windows crash leading to denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD uProf (affected versions not specified) **Description** Insufficient validation in the IOCTL input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution. The issue can be exploited to achieve privilege escalation to the SYSTEM level. A demonstration at HITCON 2023 showed the exploitation of AMDCpuProfiler.sys within AMD μProf, allowing for the loading of a malicious unsigned driver and enabling execution of malicious actions on the processes of 360 Total Security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to insufficient access restrictions in Microsoft Visual Studio, allowing an attacker to potentially elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) **Description** The issue is related to a buffer overflow in memory, which can be exploited to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.