Carsten H. Eiram

**Name of the Vulnerable Software and Affected Versions** Microsoft Foundation Class (MFC) Library versions prior to the fixed version **Description** A stack-based buffer overflow issue exists in the way window titles are managed in applications written using the Microsoft Foundation Class (MFC) Library. This issue allows context-dependent attackers to execute arbitrary code via a long window title. The vulnerability can be exploited if a remote attacker can influence the window title of any window in an MFC application, potentially allowing the attacker to run arbitrary code in the security context of the current user. **Recommendations** For Microsoft Foundation Class (MFC) Library versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting the length of window titles in MFC applications to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3 through 2003 SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Lotus 1-2-3 workbook files (.wk3). This allows remote attackers to execute arbitrary code. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2003 SP3, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of .wk3 files in Microsoft Excel until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions prior to the fixed version Office 2004 and 2008 for Mac (affected versions not specified) Open XML File Format Converter for Mac (affected versions not specified) **Description** A remote code execution issue exists due to improper validation of record information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel, update to a version that includes the fix for this issue. For Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions 2000 SP3 and earlier Microsoft Office for Mac versions 2004 and 2008 Open XML File Format Converter for Mac (affected versions not specified) **Description** A remote code execution issue exists in Microsoft Office Excel, allowing attackers to execute arbitrary code via a crafted Excel file with a malformed record object. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office 2000 SP3 and earlier, update to a version that includes the fix for this issue. For Microsoft Office for Mac versions 2004 and 2008, update to a version that includes the fix for this issue. For Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Open XML File Format Converter for Mac Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 Microsoft Office SharePoint Server 2007 SP1 Microsoft Office SharePoint Server 2007 SP2 **Description** The issue allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record containing a numeric field that specifies an invalid number of unique strings, triggering a heap-based buffer overflow. This could enable an attacker to take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office 2000 SP3, update to a newer version to mitigate the risk. For Microsoft Office XP SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2004 for Mac, update to a newer version to mitigate the risk. For Microsoft Office 2008 for Mac, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP1, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP2, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk. For Microsoft Office SharePoint Server 2007 SP1, update to a newer version to mitigate the risk. For Microsoft Office SharePoint Server 2007 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of Excel files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint 2000 SP3 **Description** The issue is related to the handling of specially crafted PowerPoint files, which can trigger memory corruption due to a large amount of data associated with unspecified atoms. This can lead to remote code execution. An attacker could exploit this by creating a specially crafted PowerPoint file that could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site. **Recommendations** For Microsoft Office PowerPoint 2000 SP3, consider avoiding the use of unspecified atoms in PowerPoint files until a patch is available. As a temporary workaround, restrict access to specially crafted PowerPoint files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mole Group Ticket Booking Script (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the booking3.php file of the Mole Group Ticket Booking Script. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters, including `name`, `address1`, `address2`, `county`, `postcode`, `email`, `phone`, and `mobile`, which are passed to booking2.php. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.