Laplinker

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio versions 2008 SP1, 2010, and 2010 SP1 **Description** The issue allows local users to gain privileges via a Trojan horse add-in in an unspecified directory. **Recommendations** For Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Expression Design versions prior to SP1 Microsoft Expression Design 2 Microsoft Expression Design 3 Microsoft Expression Design 4 **Description** The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. This can be demonstrated by a directory that contains a .xpr or .DESIGN file. **Recommendations** For Microsoft Expression Design prior to SP1, update to SP1 or a later version to resolve the issue. For Microsoft Expression Design 2, 3, and 4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.