E.B

**Name of the Vulnerable Software and Affected Versions** Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment versions 7.0 through 7.3 build 1343 Patch 4 Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment version 8.0 Client Server Messaging Security (CSM) versions 3.5 through 3.6 Worry-Free Business Security (WFBS) version 5.0 **Description** The issue is caused by boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control, allowing remote attackers to execute arbitrary code via a long string in the `Server` property, and possibly other properties. This can be exploited when a user visits a malicious web site, resulting in a stack-based buffer overflow. Successful exploitation requires that the OfficeScan client was installed using web deployment. **Recommendations** For Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment versions 7.0 through 7.3 build 1343 Patch 4, consider disabling the `ObjRemoveCtrl Class` ActiveX control until a patch is available. For Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment version 8.0, restrict access to the `OfficeScanRemoveCtrl.dll` to minimize the risk of exploitation. For Client Server Messaging Security (CSM) versions 3.5 through 3.6, avoid using the `Server` property in the affected ActiveX control until the issue is resolved. For Worry-Free Business Security (WFBS) version 5.0, as a temporary workaround, consider disabling the `ObjRemoveCtrl Class` ActiveX control until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions prior to 10.5 build 6.0.12.1675 RealPlayer versions 11.0.1 build 6.0.14.794 and earlier RealPlayer Enterprise (affected versions not specified) **Description** The issue arises from the RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, which does not properly manage memory for the `Console` or `Controls` property. This allows remote attackers to execute arbitrary code or cause a denial of service, such as a browser crash, via a series of assignments of long string values. The attack triggers an overwrite of freed heap memory. **Recommendations** For RealPlayer versions prior to 10.5 build 6.0.12.1675, update to build 6.0.12.1675 or later. For RealPlayer versions 11.0.1 build 6.0.14.794 and earlier, update to version 11.0.3 build 6.0.14.806 or later. For RealPlayer Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Move Media Player versions 7.7.4.39 through 7.7.6.7 **Description** The issue is a stack-based buffer overflow in the Quantum Streaming Player ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long argument to the `UploadLogs` method. **Recommendations** For versions 7.7.4.39 through 7.7.6.7, consider disabling the `UploadLogs` method until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70 and earlier MySpace MySpaceUploader.ocx version 1.0.0.4 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long `Action` property. **Recommendations** For Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70 and earlier, consider updating to a version later than 4.5.70 to resolve the issue. For MySpace MySpaceUploader.ocx version 1.0.0.4, as a temporary workaround, consider restricting the use of the `Action` property until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70.0 through 4.6.17.0 Aurigma Image Uploader ActiveX control (ImageUploader5) version 5.0.10.0 Facebook PhotoUploader version 4.5.57.0 **Description** The issue allows remote attackers to execute arbitrary code via long values of the `ExtractExif` and `ExtractIptc` properties. This is due to multiple stack-based buffer overflows in the affected ActiveX control. **Recommendations** For Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) versions 4.5.70.0 through 4.6.17.0, consider disabling the `ExtractExif` and `ExtractIptc` properties until a patch is available. For Aurigma Image Uploader ActiveX control (ImageUploader5) version 5.0.10.0, restrict access to the `ExtractExif` and `ExtractIptc` properties to minimize the risk of exploitation. For Facebook PhotoUploader version 4.5.57.0, avoid using the `ExtractExif` and `ExtractIptc` properties in the affected ActiveX control until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Music Jukebox version 2.2.2.56 **Description** The issue is related to a buffer overflow in the MediaGrid ActiveX control, specifically in the medagrid.dll component. This occurs when a long argument is passed to the `AddBitmap` method, allowing remote attackers to execute arbitrary code. **Recommendations** For Yahoo! Music Jukebox version 2.2.2.56, consider disabling the `AddBitmap` method in the MediaGrid ActiveX control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Move Networks Upgrade Manager version 1.0.0.1 **Description** The issue is related to a stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll. This can be exploited by remote attackers to execute arbitrary code via a long first argument to the `Upgrade` method. **Recommendations** For version 1.0.0.1, consider disabling the `Upgrade` method in the QMPUpgrade.Upgrade.1 ActiveX control as a temporary workaround until a patch is available. Restrict access to the QMPUpgrade.dll to minimize the risk of exploitation. Avoid using long arguments in the `Upgrade` method until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Lycos FileUploader Module version 2.0.0.2 **Description** The issue is related to a heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control, which is part of the FileUploader.dll. This can be exploited by remote attackers to execute arbitrary code by providing a long value for the `HandwriterFilename` property. **Recommendations** For version 2.0.0.2, consider restricting access to the FileUploader.FUploadCtl.1 ActiveX control until a patch is available. As a temporary workaround, avoid using the `HandwriterFilename` property with long values to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP Virtual Rooms version 1.0.0.100 **Description** The issue is related to multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control, which is part of the HP Virtual Rooms installation process. This can be exploited by remote attackers to execute arbitrary code via long values of the `AuthenticationURL`, `PortalAPIURL`, or `cabroot` properties. **Recommendations** For version 1.0.0.100, as a temporary workaround, consider restricting the length of the `AuthenticationURL`, `PortalAPIURL`, and `cabroot` property values to prevent buffer overflows until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gateway Weblaunch version 1.0.0.1 **Description** A directory traversal issue exists in the WebLaunch.WeblaunchCtl.1 ActiveX control, allowing remote attackers to execute arbitrary programs. This can be achieved by providing a .. (dot dot backslash) in the second argument to the `DoWebLaunch` method. **Recommendations** For Gateway Weblaunch version 1.0.0.1, consider restricting access to the `DoWebLaunch` method until a patch is available. As a temporary workaround, avoid using the `DoWebLaunch` method with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gateway Weblaunch version 1.0.0.1 **Description** The issue is related to multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long string in specific arguments to the `DoWebLaunch` method, specifically the second or fourth argument. **Recommendations** For Gateway Weblaunch version 1.0.0.1, consider restricting access to the `DoWebLaunch` method until a patch is available, or avoid using long strings in the second or fourth argument to this method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Domino versions 6.x through 7.x **Description** The issue is related to multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control. This can be exploited by remote attackers to execute arbitrary code. The overflow can occur from a long `General ServerName` property value when calling the `InstallBrowserHelperDll` function in the Upload Module. **Recommendations** For versions 6.x through 7.x, consider disabling the `InstallBrowserHelperDll` function in the Upload Module as a temporary workaround until a patch is available. Restrict access to the ActiveX controls provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll to minimize the risk of exploitation. Avoid using long values for the `General ServerName` property in the affected control until the issue is resolved.