Krafty

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.3.1 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved via a long Real Time Streaming Protocol (RTSP) Content-Type header in an RTSP response. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For Apple QuickTime versions prior to 7.3.1, update to version 7.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to RTSP servers to minimize the risk of exploitation. Avoid using the `Content-Type` header in RTSP responses until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SonicWall SSL-VPN NetExtender versions prior to 2.1.0.51 SonicWall SSL-VPN NetExtender versions 2.5.x prior to 2.5.0.56 **Description** The issue is a stack-based buffer overflow in the NELaunchCtrl ActiveX control. This allows remote attackers to execute arbitrary code via a long string in the second argument to the `AddRouteEntry` method. **Recommendations** For versions prior to 2.1.0.51, update to version 2.1.0.51 or later. For versions 2.5.x prior to 2.5.0.56, update to version 2.5.0.56 or later.