Greg Macmanus

**Name of the Vulnerable Software and Affected Versions** TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 **Description** The issue is related to a buffer overflow in the `tpsocket base64 decode()` function of the TP-Link EC-70 camera's firmware. This buffer overflow can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498, consider disabling the `tpsocket base64 decode()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft PowerPoint versions 2007 SP2 through 2010 **Description** The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. **Recommendations** For Microsoft PowerPoint 2007 SP2, update to a version that is not affected by this issue. For Microsoft PowerPoint 2010, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the loading of DLL files from untrusted locations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue is related to an integer underflow in Windows HTTP Services, allowing remote HTTP servers to execute arbitrary code via crafted parameter values in a response. This is due to improper error handling. A remote code execution vulnerability exists in the way that Windows HTTP Services handle specific values returned by a remote Web server. An attacker who successfully exploits this could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with the same user rights as the service or application that calls the WinHTTP API to connect to the attacker's Web server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook in Office versions prior to the fixed version **Description** The issue allows remote code execution if a specially crafted mailto URI is passed to Outlook. This could enable an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Outlook in Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Outlook in Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Outlook in Office 2003 SP2 and SP3, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of crafted mailto URIs in Outlook until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 SP3 through 2007 Microsoft Excel Viewer 2003 Microsoft Office Compatibility Pack Microsoft Office 2004 for Mac **Description** The issue allows user-assisted remote attackers to execute arbitrary code via crafted data validation records. A remote code execution vulnerability exists in the way Excel processes data validation records when loading Excel files into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. **Recommendations** For Microsoft Excel versions 2000 SP3 through 2007, consider avoiding the use of data validation records until a patch is available. For Microsoft Excel Viewer 2003, restrict access to loading Excel files from untrusted sources to minimize the risk of exploitation. For Microsoft Office Compatibility Pack, avoid using the pack to open Excel files from unknown sources until the issue is resolved. For Microsoft Office 2004 for Mac, as a temporary workaround, consider disabling the loading of Excel files with data validation records until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac **Description** A remote code execution issue exists in the way Excel handles specially crafted filter records in Excel files. This could allow an attacker to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption. Such a file might be included in an e-mail attachment or hosted on a malicious Web site, and an attacker could exploit the vulnerability by constructing a specially crafted Excel file. **Recommendations** For Microsoft Excel 2000 SP3, consider applying a patch or update to fix the issue. For Microsoft Excel 2002 SP3, consider applying a patch or update to fix the issue. For Microsoft Excel 2003 SP2, consider applying a patch or update to fix the issue. For Microsoft Excel 2003 Viewer, consider applying a patch or update to fix the issue. For Microsoft Excel 2004 for Mac, consider applying a patch or update to fix the issue. As a temporary workaround, consider avoiding the use of specially crafted filter records in Excel files until a patch is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Player versions 9 through 10 Description: A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. Recommendations: For Microsoft Windows Media Player versions 9 through 10, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 6.0.12.1040 through 6.0.12.1348 RealPlayer 10 RealOne Player v2 RealOne Player v1 RealPlayer 8 RealPlayer Enterprise before 20060322 **Description** A buffer overflow issue exists, allowing remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. **Recommendations** For RealPlayer versions 6.0.12.1040 through 6.0.12.1348, update to a version outside of this range to resolve the issue. For RealPlayer 10, consider upgrading to a newer version to mitigate the risk. For RealOne Player v2 and RealOne Player v1, restrict the use of malicious Mimio boardCast (mbc) files until a patch is available. For RealPlayer 8, avoid using the vulnerable component until a fix is provided. For RealPlayer Enterprise before 20060322, update to a version 20060322 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 10.x RealOne Player (affected versions not specified) Rhapsody version 3 Helix Player (affected versions not specified) **Description** The issue is related to a buffer overflow in the swfformat.dll component. This can be exploited by remote attackers through a crafted SWF (Flash) file, allowing them to execute arbitrary code. The exploitation can occur via a size value in the SWF file that is less than the actual size, or through other unspecified manipulations of the file. **Recommendations** For RealPlayer version 10.x, update to a version that includes a fix for the buffer overflow in swfformat.dll. For RealOne Player, Rhapsody version 3, and Helix Player, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader version 5.09 for Unix Description: A buffer overflow issue exists in the mailListIsPdf function, allowing remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment. Recommendations: For Adobe Acrobat Reader version 5.09 for Unix, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samba versions 2.0.x through 3.0.9 Samba Server versions 2.2.x Samba Server version 3.0.0 through 3.0.9 **Description** The issue is caused by an integer overflow in the Samba daemon (smbd) that allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. This can lead to controllable heap corruption, allowing an attacker to gain root privileges on a vulnerable system. The exploitation requires credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts may cause the process serving the request to crash and leave evidence of an attack in logs. **Recommendations** For Samba versions 2.0.x through 3.0.9, update to a version later than 3.0.9 to resolve the issue. For Samba Server versions 2.2.x, update to a version later than 3.0.9 to resolve the issue. For Samba Server version 3.0.0 through 3.0.9, update to a version later than 3.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the Samba server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openSUSE versions (affected versions not specified) SUSE Linux Enterprise versions (affected versions not specified) X.Org libXfont versions prior to 20070403 **Description** The issue involves multiple vulnerabilities in various packages of openSUSE and SUSE Linux Enterprise operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer overflow in the `FontFileInitTable` function in X.Org libXfont allows remote authenticated users to execute arbitrary code via a long first line in the `fonts.dir` file, resulting in a heap overflow. **Recommendations** For openSUSE, update to a version that includes the fix for the vulnerabilities. For SUSE Linux Enterprise, update to a version that includes the fix for the vulnerabilities. For X.Org libXfont, update to version 20070403 or later. As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** XFree86-base-fonts version 4.3.0 XFree86 version 4.3.0 XFree86-sdk version 4.3.0 xlibosmesa3-dbg (affected versions not specified) XFree86-100dpi-fonts version 4.3.0 xfonts-pex (affected versions not specified) XFree86-twm version 4.3.0 XFree86-ISO8859-2-100dpi-fonts version 4.3.0 XFree86-75dpi-fonts version 4.3.0 XFree86-ISO8859-9-100dpi-fonts version 4.3.0 XFree86-devel version 4.3.0 XFree86-truetype-fonts version 4.3.0 XFree86-Mesa-libGLU version 4.3.0 XFree86-Xvfb version 4.3.0 XFree86-syriac-fonts version 4.3.0 XFree86-Mesa-libGL version 4.3.0 XFree86-ISO8859-14-100dpi-fonts version 4.3.0 xlibosmesa3 (affected versions not specified) XFree86-ISO8859-14-75dpi-fonts version 4.3.0 xlib6g (affected versions not specified) XFree86-ISO8859-9-75dpi-fonts version 4.3.0 XFree86-ISO8859-15-75dpi-fonts version 4.3.0 XFree86-xdm version 4.3.0 xf86 (affected versions not specified) XFree86-tools version 4.3.0 XFree86-doc version 4.3.0 XFree86-ISO8859-15-100dpi-fonts version 4.3.0 xlib6g-dev (affected versions not specified) XFree86-Xnest version 4.3.0 XFree86-libs version 4.3.0 XFree86-xfs version 4.3.0 XFree86-xauth version 4.3.0 XFree86-libs-data version 4.3.0 XFree86-ISO8859-2-75dpi-fonts version 4.3.0 XFree86-cyrillic-fonts version 4.3.0 XFree86-font-utils version 4.3.0 **Description** The issue involves multiple vulnerabilities in various XFree86 packages and related software, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XFree86-base-fonts version 4.3.0 XFree86 version 4.3.0 XFree86-sdk version 4.3.0 xlibosmesa3-dbg (affected versions not specified) XFree86-100dpi-fonts version 4.3.0 xfonts-pex (affected versions not specified) XFree86-twm version 4.3.0 XFree86-ISO8859-2-100dpi-fonts version 4.3.0 XFree86-75dpi-fonts version 4.3.0 XFree86-ISO8859-9-100dpi-fonts version 4.3.0 XFree86-devel version 4.3.0 XFree86-truetype-fonts version 4.3.0 XFree86-Mesa-libGLU version 4.3.0 XFree86-Xvfb version 4.3.0 XFree86-syriac-fonts version 4.3.0 XFree86-Mesa-libGL version 4.3.0 XFree86-ISO8859-14-100dpi-fonts version 4.3.0 xlibosmesa3 (affected versions not specified) XFree86-ISO8859-14-75dpi-fonts version 4.3.0 xlib6g (affected versions not specified) XFree86-ISO8859-9-75dpi-fonts version 4.3.0 XFree86-ISO8859-15-75dpi-fonts version 4.3.0 XFree86-xdm version 4.3.0 xf86 (affected versions not specified) XFree86-tools version 4.3.0 XFree86-doc version 4.3.0 XFree86-ISO8859-15-100dpi-fonts version 4.3.0 xlib6g-dev (affected versions not specified) XFree86-libs version 4.3.0 XFree86-Xnest version 4.3.0 XFree86-xfs version 4.3.0 XFree86-xauth version 4.3.0 XFree86-libs-data version 4.3.0 XFree86-ISO8859-2-75dpi-fonts version 4.3.0 XFree86-cyrillic-fonts version 4.3.0 XFree86-font-utils version 4.3.0 **Description** The issue involves multiple vulnerabilities in various XFree86 packages and related software, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE versions (affected versions not specified) SUSE Linux Enterprise versions (affected versions not specified) X.Org libXfont versions prior to 20070403 freetype versions prior to 2.3.2 Gentoo Linux freetype versions prior to 2.1.10-r3 **Description** The issue involves multiple vulnerabilities in various packages of openSUSE and SUSE Linux Enterprise operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer overflow in the `bdfReadCharacters` function in `bdfread.c` in X.Org libXfont before 20070403 and freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, resulting in a heap overflow. **Recommendations** For openSUSE and SUSE Linux Enterprise, update the affected packages to the latest versions. For X.Org libXfont, update to version 20070403 or later. For freetype, update to version 2.3.2 or later. For Gentoo Linux freetype, update to version 2.1.10-r3 or later. As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available. Avoid using the `bdfReadCharacters` function in the affected X.Org libXfont and freetype versions until the issue is resolved.