Parvez Anwar

Name of the Vulnerable Software and Affected Versions: Dokan versions 1.0.0.5000 through 1.2.0.1000 Description: The issue is a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input to trigger the vulnerability. This issue was introduced in the 1.0.0.5000 version update. Recommendations: For versions 1.0.0.5000 through 1.2.0.1000, consider disabling the dokan1.sys driver until a patch is available to prevent exploitation of the stack-based buffer overflow.

**Name of the Vulnerable Software and Affected Versions** Vir.IT eXplorer Anti-Virus versions prior to 8.5.42 **Description** The issue concerns an Arbitrary Write vulnerability in the driver file VIAGLT64.SYS. This vulnerability arises due to the lack of validation of input values from the IOCtl 0x8273007C. **Recommendations** For versions prior to 8.5.42, update to version 8.5.42 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Watchdog Anti-Malware version 2.74.186.150 Online Security Pro version 2.74.186.150 **Description** The issue arises from a NULL pointer dereference vulnerability in the zam32.sys driver. This vulnerability is triggered when an operation is sent to the ioctl `0x80002010` endpoint, due to the lack of validation for the input buffer and its size, which can be NULL or 0. **Recommendations** For Watchdog Anti-Malware version 2.74.186.150, consider disabling the zam32.sys driver until a patch is available. For Online Security Pro version 2.74.186.150, consider disabling the zam32.sys driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Watchdog Anti-Malware version 2.74.186.150 Online Security Pro version 2.74.186.150 **Description** The issue arises from a NULL pointer dereference vulnerability in the zam32.sys driver. This vulnerability is triggered when an operation is sent to the ioctl 0x80002054, due to the lack of validation for the input buffer and its size, which can be NULL or 0. **Recommendations** For Watchdog Anti-Malware version 2.74.186.150, consider disabling the zam32.sys driver until a patch is available. For Online Security Pro version 2.74.186.150, consider disabling the zam32.sys driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** USBPcap version 1.1.0.0 **Description** The issue allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference in the IofCallDriver function. **Recommendations** For USBPcap version 1.1.0.0, consider restricting access to the IofCallDriver function until a patch is available. Avoid using the 0x00090028 IOCTL call in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Terminal Services Agent versions prior to 7.0.7 **Description** The issue allows local users to gain privileges through vectors that trigger an out-of-bounds write operation. **Recommendations** For versions prior to 7.0.7, update to version 7.0.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SoftSphere DefenseWall Personal Firewall version 3.24 **Description** The issue allows local users to gain privileges by writing data to arbitrary memory locations via a crafted IOCTL call, specifically 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010. **Recommendations** For SoftSphere DefenseWall Personal Firewall version 3.24, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** COMODO Backup versions prior to 4.4.1.23 **Description** The issue allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference in the bdisk.sys driver. **Recommendations** For versions prior to 4.4.1.23, update to version 4.4.1.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 **Description** The issue allows local users to gain privileges via a Trojan horse executable file in the current working directory. A remote code execution vulnerability exists in the way that Windows registers and uses the Windows Object Packager, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows XP SP2 and SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the Windows Object Packager until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions 2003 SP3 through 2007 SP2 **Description** The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists in the way that Microsoft Office handles the loading of DLL files, which could allow an attacker to take complete control of an affected system. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Office 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office 2007 SP2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the loading of DLL files from untrusted locations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** awApi4.dll version 4.0.0.42 **Description** The issue is related to multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control. This control is used by various applications, including Vantage Linguistics AnswerWorks and Intuit products such as Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax. The buffer overflows can be triggered by remote attackers sending long arguments to certain methods, including `GetHistory`, `GetSeedQuery`, and `SetSeedQuery`, potentially allowing the execution of arbitrary code. **Recommendations** For awApi4.dll version 4.0.0.42, consider disabling the `GetHistory`, `GetSeedQuery`, and `SetSeedQuery` methods until a patch is available to prevent potential exploitation. Restrict access to the awApi4.dll module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony SonicStage CONNECT Player version 4.3 **Description** The issue allows remote attackers to execute arbitrary code via a long file name in an M3U file, due to a stack-based buffer overflow. **Recommendations** For version 4.3, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, avoid using long file names in M3U files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Move Media Player version 1.0.0.1 Description: The issue is related to multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long string to the `Play` and `Buzzer` methods. Recommendations: For Move Media Player version 1.0.0.1, consider disabling the `Play` and `Buzzer` methods until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** MoviePlay version 4.76 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long filename in a LST file. **Recommendations** For MoviePlay version 4.76, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01, 5.5, and 6 Description: The issue allows remote attackers to cause a denial of service, potentially leading to arbitrary code execution, via a web page with embedded CLSIDs referencing certain COM objects not intended for use within Internet Explorer. This is demonstrated using various COM objects, including the DDS Library Shape Control and other specified objects. Recommendations: For Microsoft Internet Explorer versions 5.01, 5.5, and 6, consider disabling the use of COM objects within Internet Explorer as a temporary workaround until a patch is available. Restrict access to the specified COM objects to minimize the risk of exploitation. Avoid using web pages with embedded CLSIDs that reference these COM objects until the issue is resolved.