Jaewon Min

**Name of the Vulnerable Software and Affected Versions** Windows 11 version 10.0.22000.593 Windows Server 2022 version 10.0.20348.643 **Description** An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. **Recommendations** For Windows 11 version 10.0.22000.593, update to a newer version that contains a fix for this issue. For Windows Server 2022 version 10.0.20348.643, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the win32kbase.sys driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Windows 11 version 10.0.22000.593 Windows Server 2022 version 10.0.20348.643 **Description** An access violation issue exists in the DirectComposition functionality of the win32kbase.sys driver. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger a Denial Of Service. **Recommendations** For Windows 11 version 10.0.22000.593, update to a version that includes a fix for this issue. For Windows Server 2022 version 10.0.20348.643, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the DirectComposition functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 110.0.5481.77 **Description** The issue is related to an out of bounds read in WebRTC, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This could potentially enable the attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 110.0.5481.77, update to version 110.0.5481.77 or later to resolve the issue. As a temporary workaround, consider restricting access to WebRTC functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** ESTsoft Alyac version 2.5.8.645 **Description** A denial of service issue exists in the malware scan functionality. This can be triggered by a specially-crafted PE file, leading to the termination of the target process. An attacker can exploit this by providing a malicious file. **Recommendations** For ESTsoft Alyac version 2.5.8.645, consider disabling the malware scan functionality until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** ESTsoft Alyac version 2.5.8.544 **Description** An integer overflow issue exists in the way ESTsoft Alyac parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, potentially resulting in arbitrary code execution. This can be triggered by providing a malicious file. **Recommendations** For ESTsoft Alyac version 2.5.8.544, consider avoiding the use of OLE files from untrusted sources until a patch is available. As a temporary workaround, restrict the parsing of OLE files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESTsoft Alyac version 2.5.8.544 **Description** An integer overflow issue exists in the way ESTsoft Alyac parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this issue. **Recommendations** For ESTsoft Alyac version 2.5.8.544, consider avoiding the use of OLE files until a patch is available. As a temporary workaround, restrict the ability to open or process OLE files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ESTsoft Alyac version 2.5.7.7 **Description** An out of bounds read issue exists in the malware scan functionality. A specially-crafted PE file can trigger this issue, causing denial of service and termination of the malware scan. An attacker can provide a malicious file to trigger this issue. **Recommendations** For ESTsoft Alyac version 2.5.7.7, at the moment, there is no information about a newer version that contains a fix for this issue.