Bratax

**Name of the Vulnerable Software and Affected Versions** Xitami Web Server versions 2.2a through 2.5c2 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a daemon crash, and may also enable the execution of arbitrary code. This is achieved through format string specifiers in a Long Running Web Process (LRWP) request. The vulnerability triggers incorrect logging code involving the `sendfmt` function in the SMT kernel. **Recommendations** For Xitami Web Server versions 2.2a through 2.5c2, consider disabling the Long Running Web Process (LRWP) request functionality until a patch is available to prevent potential exploitation. Additionally, restrict access to the SMT kernel's logging functionality to minimize the risk of incorrect logging code being triggered.

**Name of the Vulnerable Software and Affected Versions** Microsoft HTML Help Workshop version 4.74.8702.0 and possibly earlier versions Microsoft HTML Help 1.4 SDK **Description** A stack-based buffer overflow issue allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field. **Recommendations** For Microsoft HTML Help Workshop version 4.74.8702.0 and possibly earlier versions, update to a newer version to mitigate the risk. For Microsoft HTML Help 1.4 SDK, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of .hhp files with long Contents file fields until a patch is available.