Maurycy Prodeus

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A stack-based buffer overflow issue exists in VBScript in Microsoft Windows when Internet Explorer is used. This could allow remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the `MsgBox` function, leading to code execution when the F1 key is pressed. **Recommendations** For Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mozilla versions 1.7.3 and earlier Description: A heap-based buffer overflow issue exists, allowing remote attackers to cause a denial of service, resulting in an application crash. This occurs when an NNTP URL (news:) with a trailing '' (backslash) character is used, preventing a string from being NULL terminated. Recommendations: For Mozilla versions 1.7.3 and earlier, as a temporary workaround, consider avoiding the use of NNTP URLs with trailing '' characters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.