Dan Plakosh

Name of the Vulnerable Software and Affected Versions: Macrovision FLEXnet Connect (formerly InstallShield Update Service) versions (affected versions not specified) Description: The issue is related to a buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll, which allows remote attackers to execute arbitrary code via the `Download` method. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1 and earlier **Description** The issue allows remote attackers to execute arbitrary code via unexpected data related to parameter validation in the DXImageTransform.Microsoft.Light ActiveX control. This can cause Internet Explorer to crash in a way that enables code execution. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially allowing remote code execution if a user visits the specially crafted Web site. A successful exploitation could allow an attacker to take complete control of an affected system. **Recommendations** For Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1 and earlier, consider disabling the DXImageTransform.Microsoft.Light ActiveX control as a temporary workaround until a patch is available. Restrict access to Web pages that could potentially exploit this vulnerability to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Eset Anti-Virus versions prior to 1.020 (16th September 2004) Description: The issue allows remote attackers to bypass antivirus protection by using a compressed file with both local and global headers set to zero. This technique does not prevent the compressed file from being opened on a target system, thus potentially exposing the system to malicious content. Recommendations: For Eset Anti-Virus versions prior to 1.020 (16th September 2004), update to version 1.020 or later to resolve the issue.