Christopher Gabriel

**Name of the Vulnerable Software and Affected Versions** Trimble SketchUp Viewer version 13.0.4124 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted .SKP file. **Recommendations** For Trimble SketchUp Viewer version 13.0.4124, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BitZipper 2013 versions prior to Update 1 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted ZIP archive. **Recommendations** For BitZipper 2013 versions prior to Update 1, apply Update 1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft OneNote 2010 SP1 **Description** An information disclosure issue exists due to improper buffer size determination during memory allocation when parsing specially crafted OneNote (.ONE) files. This allows remote attackers to obtain sensitive information. **Recommendations** For Microsoft OneNote 2010 SP1, consider avoiding the use of specially crafted OneNote files until a patch is available. As a temporary workaround, restrict access to sensitive information that could be disclosed through this issue.

**Name of the Vulnerable Software and Affected Versions** Foxit Advanced PDF Editor versions prior to 3.04 **Description** A stack-based buffer overflow issue might allow remote attackers to execute arbitrary code via a crafted document. This could potentially lead to security breaches by reconstructing a certain security cookie. **Recommendations** For Foxit Advanced PDF Editor versions prior to 3.04, update to version 3.04 or later to resolve the issue.