Laurent Gaffiã©

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 and SP2 Microsoft Windows Server 2008 versions Gold, SP2, R2, and R2 SP1 Microsoft Windows 7 versions Gold and SP1 **Description** A denial of service issue exists in the Microsoft Distributed File System (DFS) implementation, allowing remote DFS servers to cause a system hang via a crafted referral response. This can be exploited by sending a specially crafted network message to a computer running the Server service, and it does not require authentication. **Recommendations** For Microsoft Windows XP versions SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 version SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista versions SP1 and SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 versions Gold, SP2, R2, and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 versions Gold and SP1, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 and SP2 Microsoft Windows Server 2008 versions Gold, SP2, and R2 Microsoft Windows 7 (affected versions not specified) **Description** The issue arises from the improper validation of fields in an SMB request by the SMB Server, allowing remote attackers to execute arbitrary code via a crafted SMB packet. This is an unauthenticated remote code execution vulnerability in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attacker can exploit the vulnerability by sending a specially crafted network message to a computer running the Server service, potentially taking complete control of the system. **Recommendations** For Microsoft Windows XP versions SP2 and SP3, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2003 version SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Vista versions SP1 and SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 versions Gold, SP2, and R2, update to a newer version that contains a fix for this issue. For Microsoft Windows 7, update to a newer version that contains a fix for this issue. As a temporary workaround, consider disabling the SMB service until a patch is available. Restrict access to the SMB protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Gold, SP1, and SP2 Microsoft Windows Server 2008 Gold and SP2 **Description** The issue allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service via a crafted SMB transaction response. This can be achieved using either SMBv1 or SMBv2. An unauthenticated remote code execution vulnerability exists in the way the Microsoft Server Message Block (SMB) client implementation parses specially crafted SMB transaction responses. An attacker who successfully exploits this issue could take complete control of the system. **Recommendations** For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Vista Gold, SP1, and SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 Gold and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting SMB traffic to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 R2 Microsoft Windows 7 **Description** The issue arises from the improper validation of fields in SMB transaction responses by the SMB client, allowing remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service. This can result in memory corruption and system reboot. The vulnerability can be exploited via crafted SMBv1 or SMBv2 responses. An unauthenticated remote code execution vulnerability exists in the Microsoft Server Message Block (SMB) client implementation, enabling an attacker to send a specially crafted SMB response to a client-initiated SMB request and potentially take complete control of the system. **Recommendations** For Microsoft Windows Server 2008 R2, apply the necessary patch to fix the SMB Client Transaction Vulnerability. For Microsoft Windows 7, apply the necessary patch to fix the SMB Client Transaction Vulnerability. As a temporary workaround, consider restricting SMB traffic to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 **Description** The issue arises from the improper validation of response fields by the SMB client implementation, allowing remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response. An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB responses. This could allow an attacker to take complete control of the system by sending a specially crafted SMB response to a client-initiated SMB request. **Recommendations** For Microsoft Windows 2000 SP4, update to a version that includes the fix for this issue. For Microsoft Windows XP SP2 and SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to SMB services until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 R2 versions prior to the fixed version Microsoft Windows 7 versions prior to the fixed version Microsoft Windows Vista versions prior to the fixed version Microsoft Windows Server 2008 versions prior to the fixed version **Description** A race condition in the SMB client implementation allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code. An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. This could result in an elevation of privilege vulnerability, allowing an attacker to run arbitrary code with system-level privileges, install programs, view, change, or delete data, or create new accounts with full user rights. The vulnerability could also result in a denial of service, causing the computer to stop responding until restarted. **Recommendations** For Microsoft Windows Server 2008 R2, update to a version that includes the fix for this issue. For Microsoft Windows 7, update to a version that includes the fix for this issue. For Microsoft Windows Vista, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SMB protocol to minimize the risk of exploitation. Avoid using the `SMB Negotiate` response in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 2.8.3 and earlier **Description** The issue allows remote attackers to force a password reset for the first user in the database, possibly the administrator. This is achieved by exploiting the `wp-login.php` file, where a `key[]` array variable in a `resetpass` (aka `rp`) action bypasses a check that assumes that `$key` is not an array. **Recommendations** For WordPress versions 2.8.3 and earlier, update to a version later than 2.8.3 to resolve the issue. As a temporary workaround, consider restricting access to the `wp-login.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VMware Workstation versions 6.5.1 and earlier VMware Player versions 2.5.1 and earlier VMware ACE versions 2.5.1 and earlier VMware Server versions prior to 2.0.1 build 156745 VMware Fusion versions prior to 2.0.2 build 147997 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending a long `USER` or `PASS` command. **Recommendations** For VMware Workstation versions 6.5.1 and earlier, update to a version later than 6.5.1. For VMware Player versions 2.5.1 and earlier, update to a version later than 2.5.1. For VMware ACE versions 2.5.1 and earlier, update to a version later than 2.5.1. For VMware Server versions prior to 2.0.1 build 156745, update to version 2.0.1 build 156745 or later. For VMware Fusion versions prior to 2.0.2 build 147997, update to version 2.0.2 build 147997 or later.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime Player version 7.5.5 iTunes version 8.0.2.20 **Description** The issue is related to a stack-based buffer overflow that can be triggered by a MOV file with long arguments, causing an off by one overflow. This can lead to a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. **Recommendations** For Apple QuickTime Player version 7.5.5, update to a newer version to resolve the issue. For iTunes version 8.0.2.20, update to a newer version to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions 7.4.1 and earlier **Description** The issue is related to multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx. This can be exploited by remote attackers who send long arguments to certain methods, potentially causing a denial of service (crash) and possibly allowing the execution of arbitrary code. The methods affected include `SetBgColor`, `SetHREF`, `SetMovieName`, `SetTarget`, and `SetMatrix`. **Recommendations** For Apple QuickTime versions 7.4.1 and earlier, update to a version later than 7.4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpTrafficA versions 1.4.2 and earlier **Description** A directory traversal issue exists, allowing remote attackers to include arbitrary local files. This is achieved via the `lang` parameter in index.php. **Recommendations** For phpTrafficA versions 1.4.2 and earlier, consider restricting access to the `lang` parameter in index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpTrafficA versions 1.4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pageid` parameter in a "stats" action. **Recommendations** For phpTrafficA versions 1.4.2 and earlier, consider updating to a version later than 1.4.2 to resolve the issue. As a temporary workaround, restrict access to the `index.php` file or avoid using the `pageid` parameter in the stats action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpTrafficA versions 1.4.2 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `lang` parameter in the "index.php" file. **Recommendations** For phpTrafficA versions 1.4.2 and earlier, avoid using the `lang` parameter in the index.php file until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 1.8.5 and earlier Ruby versions 1.8.6 through 1.8.6-p286 Ruby versions 1.8.7 through 1.8.7-p71 Ruby versions 1.9 through r18423 **Description** The issue concerns multiple vulnerabilities in the Ruby package, which can lead to a denial of service, causing a disruption in the availability of protected information. These vulnerabilities can be exploited remotely, potentially through a Ruby socket. The regular expression engine in affected Ruby versions allows remote attackers to cause an infinite loop and crash via multiple long requests, related to memory allocation failure. **Recommendations** For Ruby version 1.8.5 and earlier, update to a version later than 1.8.5 to resolve the issue. For Ruby versions 1.8.6 through 1.8.6-p286, update to a version later than 1.8.6-p286 to resolve the issue. For Ruby versions 1.8.7 through 1.8.7-p71, update to a version later than 1.8.7-p71 to resolve the issue. For Ruby versions 1.9 through r18423, update to a version later than r18423 to resolve the issue.