N00B

**Name of the Vulnerable Software and Affected Versions** Racer version 0.5.3 beta 5 **Description** The issue is related to multiple buffer overflows in both the client and server components. These buffer overflows can be triggered by remote attackers sending a long string to UDP port 26000, which can lead to the execution of arbitrary code. **Recommendations** For Racer version 0.5.3 beta 5, consider restricting access to UDP port 26000 until a patch is available to prevent potential exploitation of the buffer overflows. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Live for Speed versions S1 and S2 **Description** The issue is related to multiple buffer overflows that can be exploited by user-assisted remote attackers to execute arbitrary code. This can be achieved through a `.spr` file, which is a single player replay file containing a long user name, or a `.ply` file containing a long number plate string. **Recommendations** For Live for Speed versions S1 and S2, consider disabling the processing of `.spr` and `.ply` files until a patch is available to prevent the exploitation of buffer overflows. Restrict access to the functions that handle these file types to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Live for Speed (LFS) S2 ALPHA PATCH 0.5x **Description** The issue allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name. This is due to a buffer overflow. **Recommendations** For Live for Speed (LFS) S2 ALPHA PATCH 0.5x, avoid using .mpr files with long car names until a patch is available. As a temporary workaround, consider restricting the use of .mpr files or validating the length of car names in these files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ace-FTP Client version 1.24a Description: A buffer overflow issue allows remote FTP servers to execute arbitrary code via a long response, given that the user assists in the process. Recommendations: For Ace-FTP Client version 1.24a, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DVD X Player version 4.1 Professional Description: A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename. Recommendations: For DVD X Player version 4.1 Professional, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Acoustica MP3 CD Burner versions 4.32 through 4.51 Build 147 Description: The issue allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the `HREF` attribute. Recommendations: For versions 4.32 through 4.51 Build 147, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** UltraISO versions 8.6.2.2011 and earlier **Description** The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved via a long `filename` string in a .cue file. **Recommendations** For UltraISO versions 8.6.2.2011 and earlier, update to a version later than 8.6.2.2011 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MagicISO versions 5.4 build 239 and earlier **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by using a long filename in a .cue file. **Recommendations** For MagicISO versions 5.4 build 239 and earlier, update to a version later than 5.4 build 239 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RealNetworks RealPlayer version 10 Gold **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, via a certain .ra file. It was initially referred to as a "memory leak," although the accuracy of this description is unclear. **Recommendations** For RealNetworks RealPlayer version 10 Gold, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opera version 9.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and application crash, via a malformed torrent file. It is worth noting that the original disclosure refers to this as a memory leak, although this classification is not certain. **Recommendations** For Opera version 9.2, consider avoiding the use of malformed torrent files to prevent CPU consumption and application crash. As a temporary workaround, restrict the use of the BitTorrent implementation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 2.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted PDF document. **Recommendations** For Foxit Reader version 2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MoviePlay version 4.76 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long filename in a LST file. **Recommendations** For MoviePlay version 4.76, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xfire versions 1.64 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in the client application crash. This is achieved by sending a long string to the UDP port 25777. **Recommendations** For Xfire versions 1.64 and earlier, consider restricting access to UDP port 25777 as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FutureSoft TFTP Server Multithreaded (MT) version 1.1 **Description** The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code by sending a crafted packet to port 69/UDP. This triggers a heap-based buffer overflow when constructing an absolute path name. **Recommendations** For FutureSoft TFTP Server Multithreaded (MT) version 1.1, consider restricting access to port 69/UDP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Patrice Freydiere ImgSvr (aka ADA Image Server) (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a long HTTP POST request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.