L4Ys

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** An origin validation issue in the Apex One/SEP agent allows a local attacker to escalate privileges. This flaw exists within a process protection communication mechanism. To exploit this, an attacker must already have the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro TrendAI Apex One (affected versions not specified) TrendAI Apex One as a Service (affected versions not specified) **Description** An origin validation issue in the Apex One/SEP agent allows a local attacker to escalate privileges. This flaw exists within an inter-process communication mechanism, which is the method used by different processes to share data. To exploit this, an attacker must already have the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apex One/SEP agent (affected versions not specified) **Description** An origin validation error in the process protection communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apex One/SEP agent (affected versions not specified) **Description** An origin validation error in the process protection mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apex One/SEP agent (affected versions not specified) **Description** An origin validation issue in the agent could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first have the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One/SEP agent (affected versions not specified) **Description** An origin validation error in the agent's named pipe communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apex One/SEP agent (affected versions not specified) **Description** A time-of-check time-of-use (TOCTOU) issue exists in the agent, which occurs when a program checks a condition (such as a file's existence or permissions) and then uses the result of that check, but the condition changes between the check and the use. This could allow a local attacker who already has the ability to execute low-privileged code on the target system to escalate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows kernel, which can be exploited by an attacker to cause a denial of service using a specially crafted malicious file. This can affect the system, leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.41 **Description** A heap buffer overflow issue in the Blink component of Google Chrome allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page, if the user is convinced to engage in specific UI gestures. **Recommendations** For versions prior to 101.0.4951.41, update to version 101.0.4951.41 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to errors in security settings, allowing a remote attacker to potentially elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Jet Database Engine (affected versions not specified) **Description** A remote code execution issue exists due to the improper handling of objects in memory by the Windows Jet Database Engine. This can be exploited by remote attackers to execute arbitrary code on the system, potentially using a specially crafted file. The vulnerability is related to a buffer overflow in memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.