Xin Ouyang

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to memory handling errors, allowing an attacker to execute arbitrary code or cause a denial of service using a specially crafted website. This is due to improper access to objects in memory in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visio versions 2002 SP2, 2003 SP3, 2007 SP2 **Description** A remote code execution issue exists due to improper parsing of structures when handling specially crafted Visio files. This allows attackers to execute arbitrary code via a file containing a malformed structure. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less affected than those operating with administrative user rights. **Recommendations** For Microsoft Visio 2002 SP2, update to a version that properly parses structures during the opening of a Visio file. For Microsoft Visio 2003 SP3, update to a version that properly parses structures during the opening of a Visio file. For Microsoft Visio 2007 SP2, update to a version that properly parses structures during the opening of a Visio file.

**Name of the Vulnerable Software and Affected Versions** Foxmail version 2.0 **Description** A buffer overflow issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long `MAIL FROM` command. **Recommendations** For Foxmail version 2.0, at the moment, there is no information about a newer version that contains a fix for this issue.