Dominic Chell

**Name of the Vulnerable Software and Affected Versions** Pulse Secure Client versions 5.3RX through 5.3R4 Pulse Secure Client version 9.0R1 **Description** The issue allows attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. This can be achieved by interrupting the client's network connectivity and triggering a connection to a crafted proxy server with an invalid SSL certificate, which allows certification-manager access. This access enables the attacker to browse local files and execute local programs. **Recommendations** For Pulse Secure Client version 9.0R1, update to a version that includes the necessary security fixes. For Pulse Secure Client versions 5.3RX through 5.3R4, update to version 5.3R5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 0.6.3 libav versions prior to 0.6.3 libavcodec in FFmpeg versions prior to 0.6.3 VideoLAN VLC media player versions 1.1.9 and earlier **Description** The issue is related to a write operation outside the bounds of an array in the Sunplus SP5X JPEG decoder, which can lead to memory corruption or possibly allow remote attackers to execute arbitrary code. This can be achieved via a malformed AMV file. **Recommendations** For FFmpeg versions prior to 0.6.3, update to version 0.6.3 or later. For libav versions prior to 0.6.3, update to version 0.6.3 or later. For VideoLAN VLC media player versions 1.1.9 and earlier, update to a version later than 1.1.9.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.6.8 **Description** A heap-based buffer overflow issue in ImageIO allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image. **Recommendations** For versions prior to 10.6.8, update to version 10.6.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** The issue is related to an integer overflow in ImageIO, which can be triggered by a crafted TIFF image with JPEG encoding. This can allow remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For Apple Mac OS X versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageIO in Apple Mac OS X versions 10.5.8 and 10.6.x through 10.6.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted PSD image. **Recommendations** For Mac OS X 10.5.8, update to a newer version to mitigate the risk. For Mac OS X 10.6.x through 10.6.4, update to version 10.6.5 or later.