Richard M. Smith

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 6 **Description** A remote code execution issue exists due to the instantiation of certain COM objects as ActiveX controls in Internet Explorer, leading to memory corruption. This could allow an attacker to execute arbitrary code by constructing a malicious Web page. If successfully exploited, an attacker could take complete control of an affected system. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 6, consider disabling the instantiation of COM objects as ActiveX controls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control versions in AOL 8.0, 8.0 Plus, and 9.0 Classic **Description** The issue is a buffer overflow in the YGPPicFinder.DLL component of the AOL You've Got Pictures Picture Finder Tool ActiveX Control. This allows remote attackers to execute arbitrary code. **Recommendations** For AOL 8.0, 8.0 Plus, and 9.0 Classic, at the moment, there is no information about a newer version that contains a fix for this issue.