Alex Wheeler

**Nome do software vulnerável e versões afetadas** Wind River VxWorks, versões 6.5 a 7 **Descrição** Uma sobrecarga de buffer na pilha do cliente DNS, na função `ipdnsc decode name()`, afeta o software. Este problema afeta apenas produtos que não são mais suportados pelo mantenedor. **Recomendações** Para as versões 6.5 a 7, como essas versões não são mais suportadas, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance versions prior to 8.4(7.30) Cisco Adaptive Security Appliance versions prior to 8.7(1.18) Cisco Adaptive Security Appliance versions prior to 9.0(4.38) Cisco Adaptive Security Appliance versions prior to 9.1(7) Cisco Adaptive Security Appliance versions prior to 9.2(4.5) Cisco Adaptive Security Appliance versions prior to 9.3(3.7) Cisco Adaptive Security Appliance versions prior to 9.4(2.4) Cisco Adaptive Security Appliance versions prior to 9.5(2.2) **Description** The issue is caused by a buffer overflow in the IKEv1 and IKEv2 implementations, which can be exploited by sending specially crafted UDP packets. This may allow a remote attacker to execute arbitrary code or cause a denial of service, resulting in a device reload. **Recommendations** For versions prior to 8.4(7.30), update to 8.4(7.30) or later. For versions prior to 8.7(1.18), update to 8.7(1.18) or later. For versions prior to 9.0(4.38), update to 9.0(4.38) or later. For versions prior to 9.1(7), update to 9.1(7) or later. For versions prior to 9.2(4.5), update to 9.2(4.5) or later. For versions prior to 9.3(3.7), update to 9.3(3.7) or later. For versions prior to 9.4(2.4), update to 9.4(2.4) or later. For versions prior to 9.5(2.2), update to 9.5(2.2) or later. As a temporary workaround, consider restricting access to UDP packets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 **Description** A stack-based buffer overflow exists in the `CComVariant::ReadFromStream` function within the Active Template Library (ATL), specifically as used by the MPEG2TuneRequest ActiveX control in `msvidctl.dll` within Microsoft DirectShow. This allows remote attackers to execute arbitrary code through a crafted web page. The issue was exploited in the wild in July 2009. Successful exploitation grants the attacker the same user rights as the logged-on user. The vulnerable component is the Microsoft Video ActiveX Control. **Recommendations** Versions prior to Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Malware Protection Engine (mpengine.dll) (affected versions not specified) Description: The issue is related to an integer overflow in the Microsoft Malware Protection Engine, which can be exploited by remote attackers to execute arbitrary code. This can be achieved through a crafted PDF file, requiring user assistance. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Antivirus Library version 3.2.14.3 **Description** The issue is related to a heap-based buffer overflow in the Dec2Rar.dll component. This can be exploited by remote attackers through RAR archives with sub-block headers containing incorrect values in the length field, potentially allowing the execution of arbitrary code. **Recommendations** For version 3.2.14.3, consider updating to a newer version that contains a fix for this issue, as using RAR archives with malformed sub-block headers can lead to arbitrary code execution. As a temporary workaround, restrict the handling of RAR archives to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Panda Software Antivirus library (affected versions not specified) **Description** A heap-based buffer overflow issue exists in the pskcmp.dll component of the Panda Software Antivirus library. This issue can be exploited by remote attackers to execute arbitrary code on a vulnerable system by providing a crafted ZOO archive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kaspersky Antivirus versions 5.0 Kaspersky Personal Security Suite version 1.1 **Description** The issue is related to a heap-based buffer overflow that can be triggered by a specially crafted CAB file with large records after the header. This allows remote attackers to execute arbitrary code, resulting in a loss of integrity. The `cab.ppl` engine is specifically mentioned as failing to perform proper bounds checking, leading to the buffer overflow. **Recommendations** For Kaspersky Antivirus version 5.0, consider disabling the handling of CAB files until a patch is available. For Kaspersky Personal Security Suite version 1.1, restrict access to the `cab.ppl` engine to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable `cab.ppl` engine in Kaspersky Antivirus and Kaspersky Personal Security Suite until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sophos Antivirus (affected versions not specified) **Description** A heap-based buffer overflow issue exists in the Sophos Antivirus Library, which is used by various Sophos products. This issue can be exploited by remote attackers to execute arbitrary code. The exploitation occurs through a Visio file that contains a crafted sub record length. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clam AntiVirus (ClamAV) versions 0.86.1 and earlier **Description** The issue is related to multiple integer overflows in file format processors for TNEF, CHM, or FSG files in libclamav. This allows remote attackers to gain privileges via a crafted e-mail message. **Recommendations** For Clam AntiVirus (ClamAV) versions 0.86.1 and earlier, update to a version later than 0.86.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Novell ZENworks 6.5 Desktop and Server Management versions (affected versions not specified) Novell ZENworks for Desktops versions 4.x Novell ZENworks for Servers versions 3.x **Description** The issue concerns multiple stack-based and heap-based buffer overflows in the Remote Management authentication component, specifically in zenrem32.exe. This allows remote attackers to execute arbitrary code through various vectors, including type 1 and type 2 authentication requests. **Recommendations** For Novell ZENworks 6.5 Desktop and Server Management, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Novell ZENworks for Desktops versions 4.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Novell ZENworks for Servers versions 3.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eTrust Antivirus versions 6.0 through 7.1 eTrust Antivirus for the Gateway versions 7.0 and 7.1 CA InoculateIT version 6.0 eTrust Secure Content Manager (affected versions not specified) eTrust Intrusion Detection (affected versions not specified) BrightStor ARCserve Backup (BAB) version 11.1 Vet Antivirus (affected versions not specified) Zonelabs ZoneAlarm Security Suite (affected versions not specified) ZoneAlarm Antivirus (affected versions not specified) **Description** The issue is related to an integer overflow in the Computer Associates Vet Antivirus library. This allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, leading to a heap-based buffer overflow. **Recommendations** For eTrust Antivirus versions 6.0 through 7.1, update to a version outside of this range to resolve the issue. For eTrust Antivirus for the Gateway versions 7.0 and 7.1, update to a version outside of this range to resolve the issue. For CA InoculateIT version 6.0, update to a newer version to resolve the issue. For eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) version 11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** McAfee Scan Engine version 4320 with DAT version prior to 4436 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field. **Recommendations** For McAfee Scan Engine version 4320, update the DAT version to 4436 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Symantec AntiVirus Library (affected versions not specified) **Description** A heap-based buffer overflow issue exists in the DEC2EXE module, allowing remote attackers to execute arbitrary code. This can be achieved by using a UPX compressed file that contains a negative virtual offset to a crafted PE header. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.