Greg Jones

Researcher fromKPMG UK
#6883of 53,632
39.4Total CVSS
Vulnerabilities · 5
Low
1
High
4
PT-2004-1670
10
2004-12-15
Microsoft · Word For Windows 6.0 Converter · CVE-2004-0571
**Name of the Vulnerable Software and Affected Versions** Microsoft Word for Windows 6.0 Converter **Description** The issue arises from the improper validation of certain data lengths, allowing remote attackers to execute arbitrary code. This can be achieved by sending a malicious .wri, .rtf, or .doc file via email or hosting it on a malicious website. **Recommendations** For Microsoft Word for Windows 6.0 Converter, update to a version that properly validates data lengths to prevent arbitrary code execution.
PT-2004-1381
10
2004-10-16
Microsoft · Internet Explorer · CVE-2004-0216
**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 5.01 through 6 **Description** The issue is related to an integer overflow in the Install Engine, which can be triggered by a malicious website or HTML email containing a long .CAB file name. This leads to a heap-based buffer overflow, allowing remote attackers to execute arbitrary code. **Recommendations** For Internet Explorer versions 5.01 through 6, at the moment, there is no information about a newer version that contains a fix for this issue.
PT-2003-2060
2.6
2003-12-31
Microsoft · Outlook Express · CVE-2003-1105
**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 5.01 SP3 through 6.0 SP1 **Description** The issue concerns a problem with rendering certain input tags in HTML, which can cause a denial of service. This results in the browser or Outlook Express crashing when it encounters specific HTML input. **Recommendations** For versions 5.01 SP3 through 6.0 SP1, consider avoiding the use of HTML with certain input tags until a fix is available. As a temporary workaround, restrict the rendering of such tags to prevent the browser or Outlook Express from crashing.
PT-2003-1788
9.3
2003-10-17
Microsoft · Windows · CVE-2003-0662
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to SP4 Description: The issue allows remote attackers to execute arbitrary code via an HTML document with a long argument to the `RunQuery2` method in the Troubleshooter ActiveX Control (Tshoot.ocx). Recommendations: For versions prior to SP4, update to a newer version to mitigate the risk.
PT-2003-1697
7.5
2003-08-22
Microsoft · Br549.Dll Activex Control · CVE-2003-0530
Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 SP3 through 6.0 SP1 Description: A buffer overflow issue in the BR549.DLL ActiveX control allows remote attackers to execute arbitrary code. Recommendations: For Internet Explorer versions 5.01 SP3 through 6.0 SP1, consider disabling the BR549.DLL ActiveX control as a temporary workaround until a patch is available.