Hamburgers Maccoy

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions prior to 16.0.3.51 RealPlayer SP versions 1.0 through 1.1.5 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted .rmp file. **Recommendations** For RealPlayer versions prior to 16.0.3.51, update to version 16.0.3.51 or later. For RealPlayer SP versions 1.0 through 1.1.5, consider upgrading to a version outside of this range as a mitigation measure.

**Name of the Vulnerable Software and Affected Versions** BigAnt IM Message Server (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request, which is a type of request that can be used to search for users. This can potentially lead to unauthorized access to sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BigAntSoft BigAnt IM Message Server (affected versions not specified) **Description** The issue concerns a lack of authentication for file uploading, allowing remote attackers to create arbitrary files in a specific directory, namely AntServerDocDataPublic, via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BigAnt IM Message Server (affected versions not specified) **Description** The issue concerns multiple stack-based buffer overflows in the AntDS.exe component. These overflows can be triggered by remote attackers through specific requests, including the filename header in an SCH request or the userid component in a DUPF request. This could potentially allow attackers to have an unspecified impact on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Lync versions 2010 Microsoft Lync Attendee version 2010 Microsoft Lync Attendant version 2010 **Description** The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. This can be demonstrated by a directory that contains a .ocsmeet file. **Recommendations** For Microsoft Lync 2010, consider restricting access to untrusted directories to minimize the risk of exploitation. For Microsoft Lync Attendee 2010, avoid using untrusted search paths until the issue is resolved. For Microsoft Lync Attendant 2010, as a temporary workaround, consider disabling the loading of DLLs from the current working directory until a patch is available.