Alex Legler

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC media player versions prior to 1.0.6 **Description** The issue concerns the ZIP archive decompressor in the VideoLAN VLC media player, which allows remote attackers to cause a denial of service, resulting in invalid memory access and application crash, or possibly execute arbitrary code via a crafted archive. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the ZIP archive decompressor until a patch is available. Restrict access to potentially malicious ZIP archives to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VLC media player versions prior to 1.0.2 **Description** The issue allows remote attackers to execute arbitrary code via crafted media files, including ASF, AVI, and MP4 files. This is related to functions such as `ASF ObjectDumpDebug` in `libasf.c`, `AVI ChunkDumpDebug level` in `libavi.c`, and ` MP4 BoxDumpStructure` in `libmp4.c`. **Recommendations** For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `ASF ObjectDumpDebug`, `AVI ChunkDumpDebug level`, and ` MP4 BoxDumpStructure` functions until a patch is available. Restrict access to crafted media files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC versions prior to 1.0.6 **Description** The issue is related to a heap-based buffer overflow in the VideoLAN VLC media player. This allows remote attackers to cause a denial of service, resulting in the application crashing, or possibly execute arbitrary code. The exploitation occurs through a crafted byte stream in an RTMP session. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to RTMP sessions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC media player versions prior to 1.0.6 **Description** The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted byte stream to the A/52, DTS, or MPEG Audio decoder. This is due to multiple heap-based buffer overflows in the affected software. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the A/52, DTS, and MPEG Audio decoders until a patch is applied. Avoid using these decoders with untrusted input sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VLC media player versions prior to 1.0.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved through an empty location element in an XML Shareable Playlist Format (XSPF) document. The `parse track node` function in the XSPF playlist parser is affected. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of empty location elements in XSPF documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC versions prior to 1.0.6 **Description** The issue allows remote attackers to cause a denial of service, which includes invalid memory access and application crash, or possibly execute arbitrary code. This can be achieved through a crafted byte stream to the `AVI`, `ASF`, or `Matroska` (also known as `MKV`) demuxer. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the demuxer functions for `AVI`, `ASF`, and `Matroska` files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 0.6.17 Node.js versions prior to 0.7.8 **Description** The issue allows remote attackers to obtain sensitive information, such as request header contents, and possibly spoof HTTP headers via a zero-length string. This is due to the Update method in src/node http parser.cc not properly checking the length of a string. **Recommendations** For Node.js versions prior to 0.6.17, update to version 0.6.17 or later. For Node.js versions prior to 0.7.8, update to version 0.7.8 or later.

**Name of the Vulnerable Software and Affected Versions** Quassel versions prior to 0.7.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a crafted Client-To-Client Protocol (CTCP) request. This has been demonstrated in the wild. **Recommendations** For versions prior to 0.7.3, update to version 0.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** UnrealIRCd version 3.2.8.1 **Description** The issue allows remote attackers to execute arbitrary commands due to an externally introduced modification in the DEBUG3 DOLOG SYSTEM macro. This modification was present in versions distributed on certain mirror sites from November 2009 through June 2010. **Recommendations** For UnrealIRCd version 3.2.8.1, as a temporary workaround, consider disabling the DEBUG3 DOLOG SYSTEM macro until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UnrealIRCd versions 3.2beta11 through 3.2.8 **Description** The issue is related to a buffer overflow that can be triggered when the allow::options::noident option is enabled. This can allow remote attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code via unspecified vectors. **Recommendations** For UnrealIRCd versions 3.2beta11 through 3.2.8, consider disabling the allow::options::noident option as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 2.1 through 2.1.3 and versions 2.2.x through 2.2.2 **Description** The issue allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection. This is possible because Ruby on Rails does not verify tokens for requests with certain content types, as demonstrated using text/plain. **Recommendations** For versions 2.1 through 2.1.3, update to version 2.1.3 or later to resolve the issue. For versions 2.2.x through 2.2.2, update to version 2.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mail package version 1.1.14 for PEAR **Description** The issue allows remote attackers to read and write arbitrary files via a crafted `from` parameter in the Mail::Send method. This is a result of an argument injection vulnerability in the sendmail implementation. **Recommendations** For Mail package version 1.1.14, avoid using the `from` parameter in the affected Mail::Send method until the issue is resolved. Consider restricting access to the Mail/sendmail.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Net Traceroute package versions prior to 0.21.2 for PEAR **Description** The issue is related to an argument injection vulnerability in the traceroute function in Traceroute.php. This allows remote attackers to execute arbitrary shell commands via the `host` parameter. **Recommendations** For versions prior to 0.21.2, update to version 0.21.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the traceroute function in Traceroute.php to minimize the risk of exploitation. Avoid using the `host` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Thin web server versions prior to 1.2.4 **Description** The issue allows remote attackers to spoof the IP address of the client by modifying the `X-Forwarded-For` header, potentially hiding their activities. This is due to the reliance on the `X-Forwarded-For` header to determine the client's IP address in the `lib/thin/connection.rb` file. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider validating the `X-Forwarded-For` header to prevent IP address spoofing. Restrict access to sensitive areas of the web server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NASA Common Data Format (CDF) (affected versions not specified) **Description** The issue involves multiple buffer overflows that can be exploited by context-dependent attackers to execute arbitrary code. This is demonstrated through errors in various functions, including an array index error in the `ReadAEDRList64` function, and other errors in the `SearchForRecord r 64` and `LastRecord64` functions, as well as the `CDFsel64` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.64 **Description** The issue allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. **Recommendations** For Opera versions prior to 9.64, update to version 9.64 or later to resolve the issue.