Radlsneak

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 through SP3 **Description** A remote code execution issue exists in the Microsoft Windows Messenger ActiveX Control, allowing attackers to execute arbitrary code by constructing a specially crafted Web page. When a user views the Web page, the issue could allow remote code execution, potentially giving the attacker the same user rights as the logged-on user. **Recommendations** For Microsoft Windows XP versions SP2 through SP3, consider disabling the Windows Messenger ActiveX control to minimize the risk of exploitation until a patch is available. Restrict access to web pages that could potentially exploit this issue to reduce the risk of remote code execution.

**Name of the Vulnerable Software and Affected Versions** Symantec Web Gateway versions prior to 4.5.0.376 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `USERNAME` parameter in the login.php file of the GUI management console. This can lead to remote code execution. **Recommendations** For Symantec Web Gateway versions prior to 4.5.0.376, update to version 4.5.0.376 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.php file in the GUI management console to minimize the risk of exploitation. Avoid using the `USERNAME` parameter in the affected API endpoint until the issue is resolved.