Aniway

**Name of the Vulnerable Software and Affected Versions** HP LoadRunner Controller versions prior to 12.50 **Description** The issue allows local users to gain privileges via unknown vectors. It is also described as a remote code execution vulnerability due to a stack buffer overflow in scenario files. **Recommendations** For versions prior to 12.50, update to version 12.50 or later to resolve the issue. As a temporary workaround, consider restricting access to scenario files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP Crystal Reports (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in SAP Crystal Reports, which allows remote attackers to execute arbitrary code. This can be achieved by crafting a specific data source string in an RPT file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP Data Protector (affected versions not specified) **Description** The issue allows remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. The vendor reportedly asserts that this behavior is "by design." **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. This is a remote code execution issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Windows 8.1 and Windows Server 2012 R2 **Description** A remote code execution issue exists in the way DirectPlay handles specially crafted content. This could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights. **Recommendations** For Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012, update to a newer version of Windows to resolve the issue. For Windows 8 and Windows Server 2012, ensure that all security updates are applied to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of DirectPlay to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This allows remote attackers to execute arbitrary code via a malformed `GET FILE` message. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider restricting access to the Backup Client Service until a patch is available. As a temporary workaround, avoid using the `GET FILE` message in the affected service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This can be exploited by remote attackers through a malformed EXEC BAR message, allowing them to execute arbitrary code. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the EXEC BAR message handling in the OmniInet.exe component until a patch is available. Restrict access to the Backup Client Service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This allows remote attackers to execute arbitrary code by sending a malformed EXEC SCRIPT message. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the EXEC SCRIPT message handling in the Backup Client Service until a patch is available. Restrict access to the OmniInet.exe component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This can be exploited by remote attackers through a malformed EXEC INTEGUTIL message, allowing them to execute arbitrary code. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the EXEC INTEGUTIL message handling in the OmniInet.exe component until a patch is available. Restrict access to the Backup Client Service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This occurs when processing a malformed stutil message, allowing remote attackers to execute arbitrary code. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the OmniInet.exe component until a patch is available to prevent remote code execution via malformed stutil messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This occurs when a malformed HPFGConfig message is processed, allowing remote attackers to execute arbitrary code. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the OmniInet.exe component or restricting access to the Backup Client Service until a patch is available. Avoid using the HPFGConfig message in the affected service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This occurs when processing a malformed omniiaputil message, allowing remote attackers to execute arbitrary code. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the OmniInet.exe component until a patch is available to prevent remote code execution. Restrict access to the Backup Client Service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue is related to a stack-based buffer overflow in the OmniInet.exe component of the Backup Client Service. This allows remote attackers to execute arbitrary code by sending a malformed `bm` message. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider disabling the OmniInet.exe component until a patch is available to prevent remote code execution. Restrict access to the Backup Client Service to minimize the risk of exploitation. Avoid using the `bm` message in the affected service until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Storage Data Protector versions 6.00 through 6.11 **Description** The issue allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a "GET FILE" message. This is related to a directory traversal vulnerability in OmniInet.exe in the Backup Client Service. **Recommendations** For HP OpenView Storage Data Protector versions 6.00 through 6.11, consider restricting access to the "GET FILE" message to minimize the risk of exploitation. As a temporary workaround, limit the ability to read arbitrary files via directory traversal sequences in filenames.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3 Office versions 2004 and 2008 for Mac Open XML File Format Converter for Mac (affected versions not specified) **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, allowing attackers to trigger a buffer overflow and execute arbitrary code. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2002 SP3, update to a version that fixes the buffer overflow issue. For Office 2004 and 2008 for Mac, apply the necessary patches to handle specially crafted Excel files securely. For Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel version 2002 SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, potentially allowing an attacker to take complete control of an affected system. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. The issue is related to a crafted RealTimeData record, specifically involving a stTopic field, double-byte characters, and an incorrect pointer calculation. **Recommendations** For Microsoft Excel 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Shockwave Player (affected versions not specified) **Description** The issue concerns a remote code execution vulnerability related to the FFFFFF88 Record Count Element in Adobe Shockwave Player. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Shockwave (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in Adobe Shockwave. No specific details about affected devices or real-world incidents are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3, 2003 SP3, and 2007 SP2 Office 2004 for Mac Excel Viewer version SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats version SP2 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via vectors related to an axis properties record and improper incrementing of an array index. This issue can be exploited by an attacker who successfully crafts a specially formatted Excel file, potentially allowing the attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2002 SP3, 2003 SP3, and 2007 SP2, update to a newer version to mitigate the risk. For Office 2004 for Mac, update to a newer version to mitigate the risk. For Excel Viewer version SP2, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats version SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Excel files that could trigger the axis properties record parsing issue until a patch is available.