Fang Xing

Name of the Vulnerable Software and Affected Versions: Windows Media Player versions 7.1 through 10 Description: A heap-based buffer overflow issue exists in the bitmap processing routine, allowing remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file. This file specifies a size of 0 but contains additional data. Recommendations: For Windows Media Player version 7.1, update to a version that includes the fix for this issue. For Windows Media Player version 9, update to a version that includes the fix for this issue. For Windows Media Player version 10, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of bitmap files from untrusted sources until a patch is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 Microsoft Windows 98 Microsoft Windows ME Description: A heap-based buffer overflow issue exists due to the way Windows handles malformed embedded Web fonts, specifically Embedded Open Type (EOT) web fonts. This could allow remote attackers to execute arbitrary code via an e-mail message or web page with a crafted EOT web font. An attacker who successfully exploits this issue could take complete control of an affected system. Recommendations: For Microsoft Windows 2000, apply the necessary patch to update to at least SP4. For Microsoft Windows XP, apply the necessary patch to update to at least SP3. For Microsoft Windows Server 2003, apply the necessary patch to update to at least SP2. For Microsoft Windows 98 and ME, consider upgrading to a newer version of Windows, as these versions are no longer supported. As a temporary workaround, consider restricting access to embedded Web fonts until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 8, 10, and 10.5 RealOne Player versions 1 and 2 **Description** A heap-based buffer overflow issue exists in the DUNZIP32.DLL component, allowing remote attackers to execute arbitrary code through a crafted RealPlayer Skin (RJS) file. **Recommendations** For RealPlayer versions 8, 10, and 10.5, consider disabling the use of RealPlayer Skin (RJS) files until a patch is available. For RealOne Player versions 1 and 2, avoid using the DUNZIP32.DLL component for processing RJS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Macromedia Flash plugin versions 7.0.19.0 and earlier (Windows) Macromedia Flash plugin libflashplayer.so versions prior to 7.0.25.0 (Unix) **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the `ActionDefineFunction` ActionScript call in a SWF file. This is due to an improper memory access condition. **Recommendations** For Macromedia Flash plugin versions 7.0.19.0 and earlier (Windows), update to a version later than 7.0.19.0. For Macromedia Flash plugin libflashplayer.so versions prior to 7.0.25.0 (Unix), update to version 7.0.25.0 or later. As a temporary workaround, consider restricting the use of the `ActionDefineFunction` ActionScript call in SWF files until a patch is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Distributed Transaction Coordinator (MSDTC) (affected versions not specified) Description: The issue concerns the MIDL user allocate function in the MSDTC proxy, which allocates a fixed size of memory regardless of the actual size required. This allows attackers to potentially overwrite arbitrary memory locations by providing an incorrect size value to the NdrAllocate function, leading to writing management data outside the allocated buffer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.