Vulnerabilities > Microsoft > Windows > High
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete.
| Unspecified vulnerability in Microsoft Windows
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
| Out-of-bounds Write vulnerability in Foxitsoftware 3D
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 22.214.171.124430.
| Unspecified vulnerability in Tobesoft Nexacro 2019.9.25.1
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control.
| Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client, Remote Console and Workstation
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users.
| Unspecified vulnerability in Trendmicro products
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.
| Unquoted Search Path or Element vulnerability in Teradici products
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
| Link Following vulnerability in Avira Free Security Suite and Software Updater
An issue was discovered in Avira Free Security Suite 10.
| Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch.
| Unquoted Search Path or Element vulnerability in Trendmicro products
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.