Henry Li

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code by exploiting the vulnerability in the Microsoft Edge browser's script. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions prior to the fixed version **Description** The issue is caused by a buffer overflow and improper access to objects in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service via a specially crafted web site. This could lead to memory corruption, enabling the attacker to execute code in the context of the current user. If the user has administrative rights, the attacker could gain control of the system, install programs, view or modify data, or create new accounts with full rights. **Recommendations** For Internet Explorer versions prior to the fixed version: update to the latest version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue is related to a directory traversal vulnerability in the TS WebProxy component, which allows remote attackers to gain privileges via a crafted pathname in an executable file. This can lead to a transition from Low Integrity to Medium Integrity. The vulnerability is associated with insufficient checking of the pathname to a directory with restricted access. **Recommendations** For Microsoft Windows versions prior to the fixed version, consider disabling the TS WebProxy component until a patch is available. Restrict access to the TS WebProxy component to minimize the risk of exploitation. Avoid using crafted pathnames in executable files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.