Benjamin Tobias Franz

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel (affected versions not specified) **Description** A remote code execution issue exists in Excel, which can be exploited when the software handles a Lotus 1-2-3 file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue concerns multiple unspecified vulnerabilities in the Microsoft Windows Help File viewer, allowing user-assisted attackers to execute arbitrary code via crafted HLP files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions prior to 6.0.2900.2180 **Description** The issue allows remote attackers to cause a denial of service and execute arbitrary code via a Javascript BODY onload event that calls the `window` function. **Recommendations** For versions prior to 6.0.2900.2180, update to a version that is not affected by this issue to prevent exploitation. As a temporary workaround, consider disabling Javascript or restricting the use of the `window` function in the BODY onload event until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 6.0.2900.2180 **Description** The issue occurs when a user attempts to add a URI to the restricted zone, where the full domain name of the URI starts with numeric sequences similar to an IP address, causing the browser to crash. **Recommendations** For Microsoft Internet Explorer version 6.0.2900.2180, avoid adding URIs with domain names starting with numeric sequences to the restricted zone until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 6 SP2 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and application crash, by utilizing two embedded files that call each other. **Recommendations** For Microsoft Internet Explorer version 6 SP2, consider disabling the feature that allows embedded files to call each other as a temporary workaround until a patch is available.