Damian Frizza

**Name of the Vulnerable Software and Affected Versions** Microsoft Office XP SP3 Microsoft Office 2004 for Mac **Description** A buffer overflow issue in the MSO.DLL component allows remote attackers to execute arbitrary code via a crafted Office document. **Recommendations** For Microsoft Office XP SP3, update to a version that includes a fix for this issue. For Microsoft Office 2004 for Mac, update to a version that includes a fix for this issue. As a temporary workaround, consider avoiding the use of crafted Office documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 7.51 through 7.53 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a packet with an invalid Error Code field to the embedded database engine service. **Recommendations** For versions 7.51 and 7.53, consider restricting access to the embedded database engine service to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RealNetworks Helix Server versions prior to 13.0.0 RealNetworks Helix Mobile Server versions prior to 13.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in the daemon exiting. This is achieved by sending multiple RTSP SET PARAMETER requests with empty DataConvertBuffer headers. **Recommendations** For RealNetworks Helix Server versions prior to 13.0.0, update to version 13.0.0 or later. For RealNetworks Helix Mobile Server versions prior to 13.0.0, update to version 13.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** RealNetworks Helix Server and Helix Mobile Server versions prior to 13.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending an RTSP SETUP request with either the / URI specified or a URI that lacks a / character. **Recommendations** For versions prior to 13.0.0, update to version 13.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTSP SETUP request to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firebird SQL versions 1.0.3 and earlier Firebird SQL versions 1.5.x before 1.5.6 Firebird SQL versions 2.0.x before 2.0.4 Firebird SQL versions 2.1.x before 2.1.0 RC1 **Description** The issue is related to an integer overflow that might allow remote attackers to execute arbitrary code. This can be triggered via crafted XDR requests, including `op receive`, `op start`, `op start and receive`, `op send`, `op start and send`, and `op start send and receive`, which can cause memory corruption. **Recommendations** For Firebird SQL versions 1.0.3 and earlier, update to a version later than 1.0.3. For Firebird SQL versions 1.5.x before 1.5.6, update to version 1.5.6 or later. For Firebird SQL versions 2.0.x before 2.0.4, update to version 2.0.4 or later. For Firebird SQL versions 2.1.x before 2.1.0 RC1, update to version 2.1.0 RC1 or later.