Alin Rad Pop

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.2 **Description** The issue is related to an integer signedness error that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted QTVR movie file. This error occurs during the parsing of QTVRStringAtom in Apple QuickTime. **Recommendations** For versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of QTVR movie files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview Office versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 Silverlight versions 4 before 4.1.10329 Silverlight versions 5 before 5.1.10411 **Description** A remote code execution issue exists in the way affected components handle a specially crafted TrueType font file. This could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows versions XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview, update to a version that includes the fix for the TrueType font parsing issue. For Office versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1, update to a version that includes the fix for the TrueType font parsing issue. For Silverlight versions 4 before 4.1.10329, update to version 4.1.10329 or later. For Silverlight versions 5 before 5.1.10411, update to version 5.1.10411 or later. As a temporary workaround, consider avoiding the use of specially crafted TrueType font files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3, 2003 SP3, 2007 SP2, and 2010 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Excel Viewer SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, potentially allowing attackers to execute arbitrary code via a crafted 400h substream in an Excel file, triggering a stack-based buffer overflow. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010, update to a newer version to mitigate the risk. For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Excel Viewer SP2, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office Converter Pack **Description** The issue is related to an integer overflow in the PICT image converter, allowing remote attackers to execute arbitrary code via a crafted PICT image in an Office document. A remote code execution vulnerability exists in the way that Microsoft Office allocates buffer size when handling PICT image files. If a user opens an Office document containing a specially crafted PICT image, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office XP SP3, update to a version that fixes the integer overflow in the PICT image converter. For Microsoft Office 2003 SP3, update to a version that fixes the integer overflow in the PICT image converter. For Microsoft Office Converter Pack, update to a version that fixes the integer overflow in the PICT image converter. As a temporary workaround, consider avoiding the use of PICT image files in Office documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft PowerPoint versions 2002 SP3 through 2003 SP3 **Description** The issue is a buffer overflow in Microsoft PowerPoint, allowing remote attackers to execute arbitrary code via a crafted PowerPoint 95 document. This can give an attacker full control over the system, enabling them to install programs, view, modify, and delete data, as well as create new accounts with full user rights. **Recommendations** For Microsoft PowerPoint versions 2002 SP3 and 2003 SP3, consider disabling the handling of PowerPoint 95 documents until a patch is available. As a temporary workaround, restrict access to the vulnerable component that handles PowerPoint 95 files to minimize the risk of exploitation. Avoid using the vulnerable version of Microsoft PowerPoint to open specially crafted PowerPoint 95 documents until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel version 2002 SP3 **Description** A remote code execution issue exists due to improper validation of record information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Microsoft Excel 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word version 2002 SP3 **Description** A double free vulnerability in Microsoft Word allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records. This issue exists in the way that Microsoft Word handles pointers when parsing a specially crafted Word file, which could allow an attacker to take complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. **Recommendations** For Microsoft Word 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.0.x through 3.0.17 Mozilla Firefox versions 3.5.x through 3.5.7 Thunderbird versions prior to 3.0.2 SeaMonkey versions prior to 2.0.3 **Description** A use-after-free issue in the HTML parser allows remote attackers to execute arbitrary code via method calls that attempt to access freed objects in low-memory situations. **Recommendations** For Mozilla Firefox versions 3.0.x through 3.0.17, update to version 3.0.18 or later. For Mozilla Firefox versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For Thunderbird versions prior to 3.0.2, update to version 3.0.2 or later. For SeaMonkey versions prior to 2.0.3, update to version 2.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** HP Power Manager versions prior to 4.2.10 **Description** A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code. This is achieved by providing a long `fileName` parameter in the `goform/formExportDataLogs` endpoint. **Recommendations** For versions prior to 4.2.10, update to version 4.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the `goform/formExportDataLogs` endpoint to minimize the risk of exploitation. Avoid using long `fileName` parameters in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HP Power Manager versions prior to 4.2.10 **Description** A directory traversal issue exists in the goform/formExportDataLogs component, allowing remote attackers to overwrite arbitrary files and execute arbitrary code by using directory traversal sequences in the `fileName` parameter. **Recommendations** For versions prior to 4.2.10, update to version 4.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the goform/formExportDataLogs component to minimize the risk of exploitation. Avoid using the `fileName` parameter in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions 7.0 through 7.1.2 Adobe Reader versions 8.0 through 8.1.5 Adobe Reader versions 9.0 through 9.1.1 Adobe Acrobat versions 7.0 through 7.1.2 Adobe Acrobat versions 8.0 through 8.1.5 Adobe Acrobat versions 9.0 through 9.1.1 **Description** The issue is related to a heap-based buffer overflow in the JBIG2 filter, which can be triggered by a crafted PDF file containing JBIG2 text region segments with Huffman encoding. This can lead to memory corruption, causing a denial of service, or potentially allow remote attackers to execute arbitrary code. **Recommendations** For Adobe Reader versions 7.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Reader versions 8.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Reader versions 9.0 through 9.1.1, update to version 9.1.2 or later. For Adobe Acrobat versions 7.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Acrobat versions 8.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Acrobat versions 9.0 through 9.1.1, update to version 9.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.6.2 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via crafted MS ADPCM encoded audio data in an AVI movie file. **Recommendations** For versions prior to 7.6.2, update to version 7.6.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libsndfile versions 1.0.15 through 1.0.19 libsndfile version prior to 1.0.20 **Description** The issue concerns multiple vulnerabilities in the libsndfile package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in the `aiff read header` function can be triggered by an AIFF file with an invalid header value, potentially allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For libsndfile versions 1.0.15 through 1.0.19, update to version 1.0.20 or later to resolve the issue. For libsndfile version prior to 1.0.20, update to version 1.0.20 or later to resolve the issue. As a temporary workaround, consider restricting the use of AIFF files or disabling the `aiff read header` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsndfile versions 1.0.15 through 1.0.19 **Description** The issue is related to a heap-based buffer overflow in the `voc read header` function of libsndfile, which can be exploited by remote attackers via a VOC file with an invalid header value. This can cause a denial of service (application crash) and possibly allow the execution of arbitrary code. Additionally, there are multiple vulnerabilities in libsndfile prior to version 1.0.20 that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For libsndfile versions 1.0.15 through 1.0.19, update to version 1.0.20 or later to resolve the issue. As a temporary workaround, consider avoiding the use of VOC files with invalid header values until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions prior to 8.64 **Description** A heap-based buffer overflow issue exists in the JBIG2 decoding library, specifically in the big2 decode symbol dict function, allowing remote attackers to execute arbitrary code via a crafted PDF file containing a JBIG2 symbol dictionary segment with a large run length value. **Recommendations** For Ghostscript versions prior to 8.64, update to a version that includes a fix for this issue to prevent exploitation.

Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.

Name of the Vulnerable Software and Affected Versions: Trend Micro HouseCall versions 6.51.0.1028 through 6.6.0.1278 Description: The issue allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. This can be leveraged for code execution by writing to a Startup folder. Recommendations: For versions 6.51.0.1028 through 6.6.0.1278, consider disabling the HouseCall ActiveX control until a patch is available. Restrict access to the custom update server argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VLC Media Player version 0.8.6h **Description** The issue is related to an integer overflow in the Open function in modules/demux/wav.c, which can be exploited by remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. This is due to errors in number processing. **Recommendations** For VLC Media Player version 0.8.6h, update to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider avoiding the use of the Open function in modules/demux/wav.c when handling WAV files until a patch is available. Restrict access to WAV files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Samba versions 3.0.0 through 3.0.26a Samba version 3.0.25b Description: The issue concerns multiple vulnerabilities in the Samba package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in nmbd, related to handling GETDC logon server requests, allowing remote attackers to have an unknown impact via crafted GETDC mailslot requests. Recommendations: For Samba versions 3.0.0 through 3.0.26a, update to a version newer than 3.0.26a to resolve the issue. For Samba version 3.0.25b, update to a version newer than 3.0.25b to resolve the issue. As a temporary workaround, consider restricting access to the nmbd service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** cups versions (affected versions not specified) cups-libs versions (affected versions not specified) cups-libs-32bit versions (affected versions not specified) cups-libs-x86 versions (affected versions not specified) cups-client versions (affected versions not specified) cups-debuginfo versions (affected versions not specified) cups-debugsource versions (affected versions not specified) cups-devel versions (affected versions not specified) Xpdf version 3.02pl2 and earlier **Description** The issue involves multiple vulnerabilities in various packages of the SUSE Linux Enterprise operating system, including cups, cups-libs, cups-libs-32bit, cups-libs-x86, cups-client, cups-debuginfo, cups-debugsource, and cups-devel. These vulnerabilities can be exploited remotely and may lead to a breach of confidentiality, integrity, and availability of protected information. Additionally, an integer overflow vulnerability was found in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, which may have unspecified impact related to memory allocation. **Recommendations** For cups, cups-libs, cups-libs-32bit, cups-libs-x86, cups-client, cups-debuginfo, cups-debugsource, and cups-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Xpdf version 3.02pl2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.