Microsoft · Ntdll.Dll · CVE-2005-4360
**Name of the Vulnerable Software and Affected Versions**
Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2
**Description**
The URL parser in Microsoft Internet Information Services (IIS) 5.1 allows remote attackers to execute arbitrary code. The flaw is triggered by multiple requests to ".dll" followed by specific arguments, such as `~0` through `~9`, which cause ntdll.dll to produce a return value that IIS does not handle correctly. An example of such a request is `/_vti_bin/.dll/*/~0`. Initially, it was believed that the consequence of this issue would only be a denial of service, resulting in an application crash and reboot.
**Recommendations**
For Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2, consider restricting access to the URL parser or applying specific configuration changes to handle the return value from ntdll.dll correctly until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
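A defender-side check built on the request pattern in the description, added here as an example and not part of the original advisory: it scans IIS W3C extended log lines for a path segment that is exactly `.dll` followed by a `~0` to `~9` segment, and reports clients that repeat it. The regex, the threshold of 3 and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed heuristic from the advisory text: a path segment that is exactly
# ".dll", followed later in the path by a segment "~0" .. "~9".
SUSPECT_STEM = re.compile(r"/\.dll/(?:[^/]*/)*~[0-9](?:/|$)", re.IGNORECASE)

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd lines
                yield dict(zip(fields, values))

def flag_clients(lines, threshold=3):
    """Return {client_ip: hits} for clients with at least `threshold` hits."""
    hits = Counter()
    for rec in parse_w3c(lines):
        if SUSPECT_STEM.search(rec.get("cs-uri-stem", "")):
            hits[rec.get("c-ip", "?")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log (documentation IP ranges, invented status codes).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-12-20 10:00:01 192.0.2.10 GET /_vti_bin/.dll/*/~0 500
2005-12-20 10:00:02 192.0.2.10 GET /_vti_bin/.dll/*/~1 500
2005-12-20 10:00:03 192.0.2.10 GET /_vti_bin/.dll/*/~2 500
2005-12-20 10:00:04 192.0.2.10 GET /_vti_bin/.dll/*/~9 500
2005-12-20 10:01:00 198.51.100.7 GET /_vti_bin/.dll/*/~0 404
2005-12-20 10:02:00 203.0.113.5 GET /scripts/app.dll/~1 200
2005-12-20 10:02:05 203.0.113.5 GET /docs/~3/index.htm 200
"""

if __name__ == "__main__":
    for ip, count in flag_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} suspicious requests")
```

A named ISAPI extension such as `/scripts/app.dll/~1` is not flagged, because the match requires the path segment to be exactly `.dll`.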