CVE-2022-39151 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.

An out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736) A vulnerability has been identified in the Windows Sysinfo application. The application does not sufficiently sanitize user input before use in an SQL query. An attacker could exploit this vulnerability to execute arbitrary code as the SYSTEM user. (ZDI-16-922) An out-of-bounds read vulnerability has been discovered in the Windows Sysinfo application. The application does not sufficiently sanitize user input before use in an SQL query. An attacker could exploit this vulnerability to disclose sensitive information. (ZDI-16-922) An out of bounds read vulnerability has been discovered in the Windows Sysinfo application. The application does not sufficiently sanitize user input before use in an SQL query. An attacker could exploit this vulnerability to disclose sensitive information. (ZDI-16-922) An out of bounds read vulnerability has been discovered in the Windows Sysinfo application. The application does not sufficiently sanitize user input before use in an SQL query. An attacker could exploit this vulnerability to disclose sensitive information. (ZDI-16-922) An out of bounds write vulnerability has been discovered in the Windows Sysinfo application. The application does not sufficiently sanitize user input before use in an SQL query. An

Windows Sysinfo Vulnerability – ZDI-CAN-17620

An out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736)

Windows 10 and Edge browser:

Windows 10 has been updated, and that means there are new security vulnerabilities to be aware of. One of the biggest was discovered in the Edge browser.
It affects Windows 10, but also older versions of Windows, like Windows 7 or 8.1. It is a vulnerability caused by an out-of-bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736)

Microsoft Edge

: A New Way to Experience Web Content
Microsoft Edge is a brand new browser for Windows 10 that offers a fresh, individualized way to experience web content. It's an exciting new way to navigate the internet with amazing features like Cortana and Microsoft Edge extensions!

Windows Sysinfo Vulnerability Symptoms:

The application may crash and cause a denial of service condition.
In some cases, the application may be automatically restarted by the system.

Timeline

Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:12:00 UTC

References

• https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39151