Chris Weber

**Name of the Vulnerable Software and Affected Versions** Microsoft Office InfoPath versions 2003 SP3 through 2007 SP2 Office SharePoint Server versions 2007 SP1 through 2007 SP2 SharePoint Services versions 3.0 SP1 through 3.0 SP2 Internet Explorer version 8 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the toStaticHTML API. This vulnerability allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization, potentially leading to information disclosure. An attacker could exploit this vulnerability by constructing a specially crafted Web page, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API. **Recommendations** For Microsoft Office InfoPath versions 2003 SP3 through 2007 SP2, consider disabling the toStaticHTML API until a patch is available. For Office SharePoint Server versions 2007 SP1 through 2007 SP2, restrict access to the toStaticHTML API to minimize the risk of exploitation. For SharePoint Services versions 3.0 SP1 through 3.0 SP2, avoid using the toStaticHTML API in sensitive operations until the issue is resolved. For Internet Explorer version 8, as a temporary workaround, consider disabling the `toStaticHTML()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 4.0.3 iPhone OS versions prior to 3.1 iPhone OS versions prior to 3.1.1 for iPod touch **Description** The issue allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. This could lead to users being redirected to malicious websites. **Recommendations** For Apple Safari versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. For iPhone OS versions prior to 3.1, update to version 3.1 or later to resolve the issue. For iPhone OS versions prior to 3.1.1 for iPod touch, update to version 3.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** eBay Enhanced Picture Uploader ActiveX control version 1.0.26 and earlier **Description** The issue allows remote attackers to execute arbitrary commands via the `PictureUrls` property. **Recommendations** For versions prior to 1.0.27, update to version 1.0.27 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM Access Support ActiveX control in IbmEgath.dll (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the GetXMLValue method of the IBM Access Support ActiveX control. This allows remote attackers to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlackBerry Application Web Loader version 1.0 **Description** The issue is related to multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control. This can be exploited by remote attackers to execute arbitrary code, potentially through the use of the `load` or `loadJad` method. **Recommendations** For BlackBerry Application Web Loader version 1.0, as a temporary workaround, consider disabling the `load` and `loadJad` methods until a patch is available. Restrict access to the AxLoader ActiveX control to minimize the risk of exploitation.