Krystian Kloskowski

**Name of the Vulnerable Software and Affected Versions** Safari (affected versions not specified) **Description** The issue is related to insufficient input validation in the Safari browser's user interface on the iOS operating system. This could allow a remote attacker to exploit the issue and substitute a web page by modifying its address (URI). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Safari version 4.0.5 **Description** The issue is related to a use-after-free vulnerability that allows remote attackers to execute arbitrary code. This can be achieved by creating a popup window for a crafted HTML document using `window.open`, and then calling the parent window's `close` method. This triggers improper handling of a deleted window object. **Recommendations** For Apple Safari version 4.0.5, consider disabling the use of `window.open` to create popup windows for external HTML documents until a patch is available. Restrict access to potentially malicious websites to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Download Accelerator Plus (DAP) versions 7.0.1.3 through 8.x Description: A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL. Recommendations: For Download Accelerator Plus (DAP) versions 7.0.1.3 through 8.x, avoid using the software to open M3U files from untrusted sources until a patch is available. As a temporary workaround, consider disabling the handling of M3U files in DAP to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CA BrightStor ARCserve Backup version R11.5 CA Desktop Management Suite versions r11.1 through r11.2 CA Unicenter products versions r11.1 through r11.2 **Description** A stack-based buffer overflow issue exists in the ListCtrl ActiveX Control, which is used in multiple CA products. This issue can be exploited by remote attackers to execute arbitrary code or cause a denial of service via a long argument to the `AddColumn` method. **Recommendations** For CA BrightStor ARCserve Backup version R11.5, update to a version that includes a fix for this issue. For CA Desktop Management Suite versions r11.1 through r11.2, update to a version that includes a fix for this issue. For CA Unicenter products versions r11.1 through r11.2, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the `AddColumn` method in the ListCtrl ActiveX Control until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Music Jukebox version 2.2.2.056 **Description** The issue is a stack-based buffer overflow in the YMP Datagrid ActiveX control, specifically in the datagrid.dll component. This occurs when a long argument is passed to the `AddImage` method, allowing remote attackers to execute arbitrary code. **Recommendations** For Yahoo! Music Jukebox version 2.2.2.056, consider disabling the `AddImage` method in the YMP Datagrid ActiveX control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yahoo! JukeBox version 2.2.2.56 **Description** A buffer overflow issue exists in the YMP Datagrid ActiveX control (datagrid.dll) that allows remote attackers to execute arbitrary code via a long argument to the `AddButton` method. **Recommendations** For Yahoo! JukeBox version 2.2.2.56, consider disabling the `AddButton` method in the YMP Datagrid ActiveX control until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Comodo AntiVirus version 2.0 **Description** The issue concerns a certain ActiveX control that allows remote attackers to execute arbitrary commands. This is achieved via the `ExecuteStr` method, which is vulnerable to exploitation. **Recommendations** For Comodo AntiVirus version 2.0, consider disabling the vulnerable ActiveX control as a temporary workaround until a patch is available. Restrict access to the `ExecuteStr` method to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: COWON America jetAudio Basic version 7.0.3 Description: The issue is a stack-based buffer overflow that allows user-assisted remote attackers to execute arbitrary code. This can be achieved by providing a long URL in an EXTM3U section of a .m3u file. Recommendations: For version 7.0.3, consider avoiding the use of long URLs in EXTM3U sections of .m3u files until a patch is available. As a temporary workaround, restrict the handling of .m3u files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iMatix Xitami Web Server version 2.5c2 **Description** The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by sending a long If-Modified-Since header to either xigui32.exe or xitami.exe. **Recommendations** For iMatix Xitami Web Server version 2.5c2, consider updating to a newer version that addresses these buffer overflows, or as a temporary workaround, restrict access to xigui32.exe and xitami.exe to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jetAudio versions 7.0.3 through 7.0.3.3016 **Description** The issue allows remote attackers to create or overwrite arbitrary local files via a .. (dot dot backslash) in the second argument to the `DownloadFromMusicStore` method. This can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call. **Recommendations** For versions 7.0.3 through 7.0.3.3016, consider disabling the `DownloadFromMusicStore` method until a patch is available to prevent exploitation. Restrict access to the JetAudio.Interface.1 ActiveX control in JetFlExt.dll to minimize the risk of arbitrary file creation or overwrite.

**Name of the Vulnerable Software and Affected Versions** DirectX Media 6.0 SDK versions 6.0.2.827 **Description** A buffer overflow issue exists in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 ActiveX control, which is part of the DirectX Media 6.0 SDK. This issue allows remote attackers to execute arbitrary code by providing a long `SourceUrl` property value. **Recommendations** For version 6.0.2.827, consider disabling the use of the `SourceUrl` property in the DXSurface.LivePicture.FlashPix.1 ActiveX control until a patch is available. Restrict access to the DXTLIPI.DLL library to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Nessus Vulnerability Scanner version 3.0.6 Description: The issue allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the `deleteReport` method, probably related to the `SCANCTRL.ScanCtrlCtrl.1` ActiveX control in `scan.dll`. This is a directory traversal vulnerability in a certain ActiveX control. Recommendations: For Nessus Vulnerability Scanner version 3.0.6, consider disabling the `deleteReport` method until a patch is available to prevent remote attackers from deleting arbitrary files. Restrict access to the `SCANCTRL.ScanCtrlCtrl.1` ActiveX control in `scan.dll` to minimize the risk of exploitation. Avoid using the `..` (dot dot) sequence in the argument to the `deleteReport` method until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Visual IRC (ViRC) version 2.0 **Description** A stack-based buffer overflow issue allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. **Recommendations** For Visual IRC (ViRC) version 2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Qualcomm Eudora version 7.1.0.9 Description: A buffer overflow issue allows remote IMAP servers to execute arbitrary code on the client-side via a long FLAGS response to a SELECT INBOX command. This can be exploited by user-assisted, remote IMAP servers. Recommendations: For version 7.1.0.9, update to a newer version that contains a fix for this issue to prevent arbitrary code execution.