Moti Joseph

**Name of the Vulnerable Software and Affected Versions** Winny versions 2.0b7.1 and earlier **Description** The issue is related to multiple buffer overflows that could allow remote attackers to execute arbitrary code. The exact vectors used for the exploitation are not specified. **Recommendations** For Winny versions 2.0b7.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 SP3 and 2002 SP2 Microsoft Office versions 2004 and 2008 for Mac **Description** The issue allows remote attackers to execute arbitrary code via crafted conditional formatting values. A remote code execution vulnerability exists in the way Excel handles conditional formatting values. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. **Recommendations** For Microsoft Excel 2000 SP3, update to a version that is not affected by this issue. For Microsoft Excel 2002 SP2, update to a version that is not affected by this issue. For Microsoft Office 2004 for Mac, update to a version that is not affected by this issue. For Microsoft Office 2008 for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of conditional formatting values in Excel until a patch is available.