Robert Freeman

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue is related to an unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow. This vulnerability allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services 4.0 Description: The issue is related to an unspecified vulnerability in the setRequestHeader method in the XMLHTTP ActiveX Control 4.0. This vulnerability can be exploited by remote attackers to execute arbitrary code via crafted arguments, leading to memory corruption. The vulnerability is specific to when the control is accessed by Internet Explorer. Recommendations: For Microsoft XML Core Services 4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.