Hisayuki Shinmachi

Name of the Vulnerable Software and Affected Versions: Windows 2000 versions prior to SP4 Description: A buffer overflow issue exists in the ShellExecute API function of SHELL32.DLL, potentially allowing attackers to cause a denial of service or execute arbitrary code by providing a long third argument to the function. Recommendations: For Windows 2000 versions prior to SP4, apply Service Pack 4 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: IP Messenger for Win versions 2.00 through 2.02 Description: The issue is related to a buffer overflow in the file and folder transfer mechanism. This can be triggered by a file with a long filename, allowing remote attackers to execute arbitrary code when the user saves the file. Recommendations: For IP Messenger for Win versions 2.00 through 2.02, consider avoiding the use of long filenames in file transfers until a fix is available. As a temporary workaround, restrict the ability to save files received through the messenger to minimize the risk of exploitation.