Jan P. Monsch

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 6 **Description** The issue allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. A remote code execution vulnerability exists in the way Internet Explorer handles specially crafted and not valid HTML. An attacker could exploit the issue by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. This could allow an attacker to take complete control of an affected system. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 6, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Advanced Server Edition version 4.0.4 **Description** The issue concerns the use of a weak encryption algorithm, specifically XOR and base64 encoding, which allows local users to decrypt passwords when the configuration file is exported to XML. **Recommendations** For IBM WebSphere Advanced Server Edition version 4.0.4, consider updating the encryption algorithm to a more secure method to prevent password decryption. As a temporary workaround, restrict access to the configuration file to minimize the risk of exploitation.