H D Moore

**Name of the Vulnerable Software and Affected Versions** NetGear WG311v1 wireless adapter version 2.3.1.10 **Description** A heap-based buffer overflow issue exists in the wireless driver, allowing remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. **Recommendations** For version 2.3.1.10, update the wireless driver to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the wireless network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetGear MA521 PCMCIA adapter version 5.148.724.2003 **Description** The issue is related to a buffer overflow in the MA521nd5.SYS driver, which can be exploited by remote attackers to execute arbitrary code. This can be achieved via beacon or probe 802.11 frame responses with a long supported rates information element. **Recommendations** For version 5.148.724.2003, consider disabling the MA521nd5.SYS driver until a patch is available to prevent potential exploitation. Restrict access to the affected NetGear MA521 PCMCIA adapter to minimize the risk of exploitation. Avoid using the adapter for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio 2005 **Description** A cross-zone scripting issue exists in the WMI Object Broker ActiveX control, allowing remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects. **Recommendations** For Microsoft Visual Studio 2005, consider disabling the WMI Object Broker ActiveX control until a patch is available. Restrict access to the WmiScriptUtils.dll to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 5.01 through 6 Microsoft Windows 2000 SP4 **Description** The issue allows remote authenticated users to execute arbitrary commands due to a cross-site scripting (XSS) vulnerability. This vulnerability could permit access to local HTML-embedded resource files in the Microsoft Management Console (MMC) library. A remote code execution vulnerability in the Windows Management Console could allow an attacker to take complete control of the affected system. **Recommendations** For Internet Explorer versions 5.01 through 6, update to a version that is not affected by this issue. For Microsoft Windows 2000 SP4, consider restricting access to the Microsoft Management Console (MMC) library until a patch is available. As a temporary workaround, consider disabling the execution of arbitrary commands in the MMC library to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Server 2003 SP2 Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 and SP2 **Description** The issue is related to a heap-based buffer overflow in the Server Service, allowing remote attackers to execute arbitrary code. This is achieved by sending crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. The vulnerability could allow an attacker to take complete control of the affected system. **Recommendations** For Microsoft Windows 2000 SP4, apply the necessary patch to fix the heap-based buffer overflow in the Server Service. For Microsoft Windows XP SP1 and SP2, update to a newer service pack to resolve the issue. For Microsoft Windows Server 2003 up to SP1, apply the necessary patch or update to a newer service pack to fix the vulnerability. As a temporary workaround, consider restricting access to the Server Service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise Messenger versions prior to 2.0 Public Beta 2 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by sending a long Accept-Language value without a comma or semicolon. **Recommendations** For versions prior to 2.0 Public Beta 2, update to 2.0 Public Beta 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Accept-Language header to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components (MDAC) versions 2.7 through 2.8 Description: The issue is related to an unspecified vulnerability in the RDS.Dataspace ActiveX control, which is part of ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC). This vulnerability allows remote attackers to execute arbitrary code via unknown attack vectors. Recommendations: For MDAC versions 2.7 and 2.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arkeia Network Backup Client version 5.x **Description** The issue concerns hard-coded credentials in the software, which act as a back door. This back door allows remote attackers to access the file system and possibly execute arbitrary commands. **Recommendations** For Arkeia Network Backup Client version 5.x, consider changing the hard-coded credentials to secure ones and restrict access to the file system until a patch is available. As a temporary workaround, restrict remote access to the client to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** aterm terminal emulator version 0.42 **Description** The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could happen when the user views a file containing the malicious sequence, potentially allowing the attacker to execute arbitrary commands. **Recommendations** For aterm terminal emulator version 0.42, consider disabling the processing of certain character escape sequences as a temporary workaround until a patch is available. Restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PuTTY version 0.53 **Description** The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could happen when the user views a file containing the malicious sequence, potentially allowing the attacker to execute arbitrary commands. **Recommendations** For PuTTY version 0.53, consider avoiding the use of potentially malicious files or sequences that could exploit this issue until a patch is available. As a temporary workaround, restrict the ability to insert custom character escape sequences into the command line to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eterm versions 0.9.1 and earlier **Description** The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could happen when the user views a file containing the malicious sequence, potentially allowing the attacker to execute arbitrary commands. **Recommendations** For versions 0.9.1 and earlier, consider disabling the ability to modify the window title via character escape sequences until a patch is available. Restrict the insertion of modified window titles back into the command line to minimize the risk of exploitation. Avoid viewing files that may contain malicious character escape sequences in the affected terminal emulator until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** hanterm versions prior to 2.0.5 **Description** The issue allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. Multiple vulnerabilities in the hanterm-xf package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DEC UDK processing feature in the hanterm terminal emulator until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rxvt version 2.7.8 **Description** The issue concerns the "screen dump" feature in rxvt, which allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal. This can occur, for example, when a user views a file containing the malicious sequence. Multiple vulnerabilities in the rxvt package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For rxvt version 2.7.8, consider disabling the "screen dump" feature as a temporary workaround until a patch is available. Restrict access to sensitive files and terminals to minimize the risk of exploitation. Avoid using the terminal to view untrusted files that may contain malicious character escape sequences until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rxvt version 2.7.8 **Description** The issue allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. Multiple vulnerabilities in the rxvt package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For rxvt version 2.7.8, consider disabling the menuBar feature until a patch is available to prevent the execution of arbitrary commands. Restrict access to the menu options to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rxvt versions 2.7.8 and earlier **Description** The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could happen when the user views a file containing the malicious sequence, potentially allowing the attacker to execute arbitrary commands. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely. **Recommendations** For versions 2.7.8 and earlier, consider disabling the ability to modify the window title via character escape sequences until a patch is available. Restrict access to potentially malicious files that could contain the harmful sequence to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XFree86-xf86cfg versions 4.1.0 through 4.2.1 XFree86-font-utils versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-tools versions 4.1.0 through 4.2.1-21 XFree86-devel versions 4.1.0 through 4.2.1-21 XFree86-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-libs versions 4.1.0 through 4.2.1-21 XFree86-xdm versions 4.1.0 through 4.2.1-21 XFree86-cyrillic-fonts versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-doc versions 4.1.0 through 4.2.1-21 XFree86-xfs versions 4.1.0 through 4.2.1-21 XFree86-Xnest versions 4.1.0 through 4.2.1-21 XFree86-Mesa-libGL versions 4.1.0 through 4.2.1-21 XFree86-Mesa-libGLU versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-truetype-fonts versions 4.1.0 through 4.2.1-21 XFree86-base-fonts versions 4.1.0 through 4.2.1-21 XFree86-Xvfb versions 4.1.0 through 4.2.1-21 XFree86-xauth versions 4.1.0 through 4.2.1-21 XFree86-twm versions 4.1.0 through 4.2.1-21 **Description** The issue affects multiple packages of the XFree86 operating system in Red Hat Linux, allowing remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. According to the Mitre source, the xterm terminal emulator in XFree86 4.2.0 and earlier is vulnerable to an issue where attackers can modify the window title via a certain character escape sequence and then insert it back into the command line in the user's terminal. This could allow the attacker to execute arbitrary commands when the user views a file containing the malicious sequence. **Recommendations** As a temporary workaround, consider disabling the xterm terminal emulator until a patch is available. Restrict access to the vulnerable packages to minimize the risk of exploitation. Avoid using the affected versions of XFree86 until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XFree86-xf86cfg versions 4.1.0 through 4.2.1 XFree86-font-utils versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-tools versions 4.1.0 through 4.2.1-21 XFree86-devel versions 4.1.0 through 4.2.1-21 XFree86-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-cyrillic-fonts versions 4.1.0 through 4.2.1-21 XFree86-doc versions 4.1.0 through 4.2.1-21 XFree86-xdm versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-libs versions 4.1.0 through 4.2.1-21 XFree86-xfs versions 4.1.0 through 4.2.1-21 XFree86-Xnest versions 4.1.0 through 4.2.1-21 XFree86-twm versions 4.1.0 through 4.2.1-21 XFree86-Mesa-libGL versions 4.1.0 through 4.2.1-21 XFree86-Mesa-libGLU versions 4.1.0 through 4.2.1-21 XFree86-truetype-fonts versions 4.1.0 through 4.2.1-21 XFree86-base-fonts versions 4.1.0 through 4.2.1-21 XFree86-Xvfb versions 4.1.0 through 4.2.1-21 XFree86-xauth versions 4.1.0 through 4.2.1-21 **Description** The XFree86 package in Red Hat Linux contains multiple vulnerabilities that can be exploited remotely, leading to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited by attackers to cause a denial of service or potentially gain unauthorized access. The issue is related to the DEC UDK processing feature in the xterm terminal emulator, which allows attackers to cause the terminal to enter a tight loop using a certain character escape sequence. **Recommendations** As a temporary workaround, consider disabling the `xterm` terminal emulator until a patch is available. Restrict access to the vulnerable `XFree86` packages to minimize the risk of exploitation. Avoid using the `xterm` terminal emulator in the affected `XFree86` versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eterm versions 0.9.1 and earlier **Description** The issue allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, for example, when the user views a file containing the malicious sequence. **Recommendations** For Eterm versions 0.9.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** aterm version 0.42 **Description** The issue allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. This is related to the menuBar feature. **Recommendations** For aterm version 0.42, consider disabling the menuBar feature until a patch is available to prevent the execution of arbitrary commands.

**Name of the Vulnerable Software and Affected Versions** dtterm (affected versions not specified) **Description** The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could happen when the user views a file containing the malicious sequence, potentially allowing the attacker to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.