Dr_Ide

**Name of the Vulnerable Software and Affected Versions** Mitsubishi MX Component 3 versions 1.0.0.1 Citect CitectFacilities version 7.10 CitectScada version 7.10r1 **Description** The issue is caused by multiple buffer overflows in the ActUWzd.dll library, which allows remote attackers to execute arbitrary code via a long string. This can be demonstrated by a long WzTitle property value to a certain ActiveX control. The exploitation of this issue may enable a remote attacker to execute arbitrary code using a long string. **Recommendations** For Mitsubishi MX Component 3 version 1.0.0.1, consider disabling the use of the ActUWzd.dll library until a patch is available. For Citect CitectFacilities version 7.10, restrict access to the affected ActiveX control to minimize the risk of exploitation. For CitectScada version 7.10r1, avoid using long string values for the WzTitle property in the affected ActiveX control until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** uTorrent versions prior to 1.8.3 (Build 16010) **Description** A buffer overflow issue exists in the "create torrent dialog" functionality, allowing user-assisted remote attackers to cause a denial of service, potentially leading to application crashes, and possibly execute arbitrary code via a text file containing a large string. **Recommendations** For versions prior to 1.8.3 (Build 16010), update to version 1.8.3 (Build 16010) or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "create torrent dialog" functionality with untrusted text files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Viscom Image Viewer CP Pro version 8.0 Viscom Image Viewer Gold version 6.0 **Description** The issue is a stack-based buffer overflow in the TIFMergeMultiFiles function, located in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx). This allows remote attackers to execute arbitrary code via a long `strDelimit` parameter. **Recommendations** For Viscom Image Viewer CP Pro version 8.0, consider disabling the TIFMergeMultiFiles function until a patch is available. For Viscom Image Viewer Gold version 6.0, restrict access to the SCRIBBLE.ScribbleCtrl.1 ActiveX control to minimize the risk of exploitation. Avoid using the `strDelimit` parameter in the affected ActiveX control until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Novell iPrint Client version 5.52 **Description** The issue is related to a stack-based buffer overflow in an ActiveX control. This occurs when a long argument is passed to the `GetDriverSettings2` method, which can also be reached through the `GetDriverSettings` method. This allows remote attackers to execute arbitrary code. **Recommendations** For Novell iPrint Client version 5.52, consider disabling the `GetDriverSettings2` and `GetDriverSettings` methods as a temporary workaround until a patch is available. Restrict access to the ienipp.ocx ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Crystal Reports 2008 SP3 Fix Pack 3.2 **Description** The issue is related to a heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control, which is located in PrintControl.dll version 12.3.2.753. This allows remote attackers to execute arbitrary code via a long `ServerResourceVersion` property value. **Recommendations** For SAP Crystal Reports 2008 SP3 Fix Pack 3.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent versions 2.0.3 and earlier **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse `plugin dll.dll`, `userenv.dll`, `shfolder.dll`, `dnsapi.dll`, `dwmapi.dll`, `iphlpapi.dll`, `dhcpcsvc.dll`, `dhcpcsvc6.dll`, or `rpcrtremote.dll` that is located in the same folder as a .torrent or .btsearch file. **Recommendations** For uTorrent versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. As a temporary workaround, consider restricting the execution of files from untrusted locations to minimize the risk of exploitation. Avoid opening .torrent or .btsearch files from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** nginx version 0.8.36 **Description** The issue allows remote attackers to cause a denial of service, leading to a crash, via certain encoded directory traversal sequences that trigger memory corruption. An example of such a sequence is the "%c0.%c0." sequence. **Recommendations** For nginx version 0.8.36, update to a newer version to mitigate the risk of denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Tuniac version 090517c **Description** The issue is related to a buffer overflow that can be triggered by a long URL in a .m3u playlist file, potentially allowing remote attackers to cause a denial of service or possibly execute arbitrary code. **Recommendations** For version 090517c, consider avoiding the use of long URLs in .m3u playlist files until a patch is available. As a temporary workaround, restrict the handling of .m3u files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BigAnt Server versions 2.50 SP6 and earlier **Description** The issue is related to multiple buffer overflows that can be triggered by a crafted ZIP file. This can cause a denial of service, leading to an application crash when the victim uses specific console menu items, such as the Update or Plug-In item. **Recommendations** For BigAnt Server versions 2.50 SP6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xerver version 4.32 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash, by assigning a non-numeric web port in the management interface. This can potentially be exploited by non-authenticated attackers. **Recommendations** For Xerver version 4.32, ensure that only numeric values are assigned to the web port in the management interface to prevent the daemon crash. As a temporary workaround, consider restricting access to the management interface until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Xerver version 4.32 **Description** The issue concerns a lack of authentication in the administrator package, allowing remote attackers to modify application settings. This can be achieved by connecting to the application on port 32123. For example, an attacker can set the `action` option to `wizardStep1` to exploit this issue. **Recommendations** For Xerver version 4.32, consider restricting access to port 32123 until a fix is available. As a temporary workaround, implement additional authentication mechanisms for the administrator package to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** InterVations NaviCOPA Web Server version 3.01 **Description** The issue allows remote attackers to obtain the source code for a web page via a specially crafted HTTP request. This is achieved by adding ::$DATA after the HTML file name in the request. **Recommendations** For InterVations NaviCOPA Web Server version 3.01, consider restricting access to sensitive web pages until a fix is available. As a temporary workaround, avoid using the ::$DATA suffix in HTTP requests to minimize the risk of source code exposure. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xerver HTTP Server version 4.32 **Description** The issue allows remote attackers to obtain the source code for a web page via a specially crafted HTTP request. This is achieved by adding ::$DATA after the HTML file name in the request. **Recommendations** For Xerver HTTP Server version 4.32, consider restricting access to sensitive web pages until a fix is available. As a temporary workaround, avoid using the ::$DATA suffix in HTTP requests to minimize the risk of source code exposure.