Yang Yu

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An elevation of privilege issue exists in Microsoft Edge, allowing an attacker to escape the AppContainer sandbox in the browser. This could enable an attacker to gain elevated privileges and break out of the Edge AppContainer sandbox. The issue by itself does not allow arbitrary code execution but could be used in conjunction with other vulnerabilities, such as remote code execution and another elevation of privilege vulnerability, to exploit elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the patchday that contains the fix for this issue **Description** The issue is related to the improper implementation of Address Space Layout Randomization (ASLR) in Windows, allowing attackers to bypass the ASLR protection mechanism. This could enable an attacker to load a DLL in the process, potentially during the exploitation of a remote code execution vulnerability. The vulnerability was demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure ACS versions prior to 3.1.2 Description: The issue is related to a buffer overflow in the administration service (CSAdmin) that allows remote attackers to cause a denial of service and possibly execute arbitrary code. This is achieved by sending a long user parameter to port 2002. Recommendations: For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to port 2002 to minimize the risk of exploitation.