Daniel Chechik

**Name of the Vulnerable Software and Affected Versions** DaumGame ActiveX plugin versions 1.1.0.4 through 1.1.0.5 **Description** The issue is related to a buffer overflow in the `IconCreate` method of an ActiveX control. This allows remote attackers to execute arbitrary code via a long string. The issue has been exploited in the wild. **Recommendations** For DaumGame ActiveX plugin versions 1.1.0.4 and 1.1.0.5, consider disabling the `IconCreate` method as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 11 **Description** The issue is related to a use-after-free error in the CDisplayPointer class, which can be exploited by remote attackers to execute arbitrary code or cause a denial of service through memory corruption. This can be achieved by using crafted JavaScript code that utilizes the `onpropertychange` event handler. There have been real-world incidents where this issue was exploited in September and October 2013. **Recommendations** For Microsoft Internet Explorer versions 6 through 11, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider disabling JavaScript or restricting access to potentially malicious websites to minimize the risk of exploitation.