#Security Vulnerability

No cwe for this issue in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and some loss of integrity (I:L) and no loss of availability (A:N). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

**How could an attacker exploit this vulnerability?** An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.