Asuka Nakajima

**Name of the Vulnerable Software and Affected Versions** Microsoft Teams (affected versions not specified) **Description** The issue concerns an untrusted search path vulnerability in the installer of Microsoft Teams. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Baidu Browser versions 43.23.1000.500 and earlier **Description** The issue allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. **Recommendations** For Baidu Browser versions 43.23.1000.500 and earlier, update to a version later than 43.23.1000.500 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView versions prior to 4.37 **Description** The issue arises from a buffer overflow when IrfanView handles a crafted file with a multibyte-character directory name in the Thumbnails window, specifically through the Thumbnail tooltips feature. This can lead to the execution of arbitrary code by user-assisted remote attackers. **Recommendations** For versions prior to 4.37, update to version 4.37 or later to resolve the issue. As a temporary workaround, consider avoiding the use of multibyte-character directory names in the Thumbnails window until the update is applied.