Mark Dowd

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.1 Apple OS X versions prior to 10.11.1 Apple watchOS versions prior to 2.0.1 **Description** A directory traversal issue in the BOM component allows remote attackers to execute arbitrary code via a crafted CPIO archive. **Recommendations** For Apple iOS versions prior to 9.1, update to version 9.1 or later. For Apple OS X versions prior to 10.11.1, update to version 10.11.1 or later. For Apple watchOS versions prior to 2.0.1, update to version 2.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** libzrtpcpp versions prior to 3.2.0 libzrtpcpp versions prior to 2.3.4 **Description** The issue concerns multiple vulnerabilities in the libzrtpcpp package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the ZRtp::storeMsgTemp function allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet. **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later. For versions prior to 3.2.0, update to version 3.2.0 or later. As a temporary workaround, consider restricting access to the ZRtp::storeMsgTemp function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libzrtpcpp versions prior to 3.2.0 libzrtpcpp versions prior to 2.3.4 **Description** The issue affects the libzrtpcpp package in Gentoo Linux and GNU ZRTPCPP, allowing remote attackers to exploit multiple stack-based buffer overflows. This can lead to a denial of service (crash) and possibly the execution of arbitrary code via crafted ZRTP Hello packets to specific functions, including `ZRtp::findBestSASType`, `ZRtp::findBestAuthLen`, `ZRtp::findBestCipher`, `ZRtp::findBestHash`, and `ZRtp::findBestPubKey`. The exploitation of these vulnerabilities can result in the disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ZRtp::findBestSASType`, `ZRtp::findBestAuthLen`, `ZRtp::findBestCipher`, `ZRtp::findBestHash`, and `ZRtp::findBestPubKey` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 6.1 Apple TV versions prior to 5.2 **Description** The issue is related to the kernel's validation of `copyin` and `copyout` arguments. Local users can bypass intended pointer restrictions and access certain locations in kernel memory by providing a length of less than one page. **Recommendations** For Apple iOS versions prior to 6.1, update to version 6.1 or later. For Apple TV versions prior to 5.2, update to version 5.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 6.0.1 **Description** The issue concerns the extensions APIs in the kernel, which provide kernel addresses in certain responses. This makes it easier for remote attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism by using a crafted app. ASLR is a security feature that randomizes the location of an application's code and data in memory to prevent attackers from predicting where certain pieces of code or data will be. **Recommendations** For Apple iOS versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 5.0.375.70 **Description** The issue is related to the handling of ViewHostMsg DatabaseOpenFile messages in chroot-based sandboxing. It allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls. **Recommendations** For versions prior to 5.0.375.70, update to version 5.0.375.70 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1 on Mac OS X 10.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, specifically an application crash, via vectors related to the `Node.normalize` method. **Recommendations** For Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Apple Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1 on Mac OS X 10.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to the `removeChild` DOM method. This can lead to an application crash. **Recommendations** For Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Apple Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 4.1.249.1036 **Description** The sandbox infrastructure in Google Chrome does not properly use pointers, which has unspecified impact and attack vectors. **Recommendations** For versions prior to 4.1.249.1036, update to version 4.1.249.1036 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 4.0.249.89 **Description** The issue is related to an integer overflow in the CrossCallParamsEx::CreateFromBuffer function, which can be triggered by a malformed message. This can lead to a denial of service due to heap memory corruption, and potentially have other unspecified impacts. The issue is related to the deserialization of sandbox messages. **Recommendations** For versions prior to 4.0.249.89, update to version 4.0.249.89 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, 7, and 8 **Description** The issue arises from improper argument validation for unspecified variables, allowing remote attackers to execute arbitrary code via a crafted HTML document. This is related to the handling of HTML components. **Recommendations** For Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, 7, and 8, consider disabling the handling of HTML components as a temporary workaround until a patch is available. Restrict access to crafted HTML documents to minimize the risk of exploitation. Avoid using unspecified variables in HTML documents until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions 7.0 through 7.1.2 Adobe Reader versions 8.0 through 8.1.5 Adobe Reader versions 9.0 through 9.1.1 Adobe Acrobat versions 7.0 through 7.1.2 Adobe Acrobat versions 8.0 through 8.1.5 Adobe Acrobat versions 9.0 through 9.1.1 **Description** A heap-based buffer overflow in the JBIG2 filter allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption. **Recommendations** For Adobe Reader versions 7.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Reader versions 8.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Reader versions 9.0 through 9.1.1, update to version 9.1.2 or later. For Adobe Acrobat versions 7.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Acrobat versions 8.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Acrobat versions 9.0 through 9.1.1, update to version 9.1.2 or later.

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.

**Name of the Vulnerable Software and Affected Versions** Xvid versions prior to 1.2.2 **Description** The issue is related to multiple heap-based buffer overflows in the xvidcore library, which can be triggered by providing a crafted macroblock number in a video stream within a crafted movie file. This can lead to heap memory corruption and allow remote attackers to execute arbitrary code. The problem is associated with a missing resync marker range check and involves the `decoder iframe`, `decoder pframe`, and `decoder bframe` functions. **Recommendations** For Xvid versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of crafted movie files until the update is applied. Restrict access to video streams from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xvid versions prior to 1.2.2 **Description** A heap-based buffer overflow issue exists in the decoder create function within the initialization functionality of Xvid. This issue can be exploited by remote attackers to execute arbitrary code through crafted movie files, particularly when the XVID ERR MEMORY return code is improperly handled during processing. The exploitation vector involves the DirectShow frontend. **Recommendations** For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the decoder create function until a patch is available. Avoid using Xvid to process untrusted or crafted movie files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Basic 6.0 Visual Studio .NET versions 2002 SP1 and 2003 SP1 Visual FoxPro versions 8.0 SP1, 9.0 SP1, and 9.0 SP2 Office Project versions 2003 SP3 and 2007 Gold and SP1 Description: A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a crafted AVI file. This triggers an allocation error and memory corruption. The vulnerability can be exploited by constructing a specially crafted web page, potentially leading to remote code execution when viewed. If successfully exploited, an attacker could gain the same user rights as the logged-on user. Recommendations: For Microsoft Visual Basic 6.0, update to a version that includes the fix for this issue. For Visual Studio .NET versions 2002 SP1 and 2003 SP1, apply the necessary patch or update to a newer version. For Visual FoxPro versions 8.0 SP1, 9.0 SP1, and 9.0 SP2, consider disabling the use of AVI files until a patch is available. For Office Project versions 2003 SP3 and 2007 Gold and SP1, restrict access to crafted web pages to minimize the risk of exploitation.