Peter Vreugdenhil

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue is related to a use-after-free vulnerability in the CDwnBindInfo function of the mshtml.dll library in Internet Explorer. This vulnerability allows a remote attacker to execute arbitrary JavaScript code by sending a specially crafted HTML file. The vulnerability may corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. It has been exploited in the wild, with reported incidents of remote code execution, including a watering hole attack on the Council on Foreign Relations website in 2012. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, consider disabling the CDwnBindInfo object as a temporary workaround until a patch is available. Restrict access to potentially vulnerable web sites to minimize the risk of exploitation. Avoid using Internet Explorer for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 11.0 through 11.1 RealPlayer versions 14.0.0 through 14.0.2 RealPlayer SP versions 1.0 through 1.1.5 **Description** The issue allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. This is due to the OpenURLInDefaultBrowser method launching a default handler for the filename specified in the first argument. **Recommendations** For RealPlayer versions 11.0 through 11.1, consider disabling the OpenURLInDefaultBrowser method until a patch is available. For RealPlayer versions 14.0.0 through 14.0.2, restrict access to the OpenURLInDefaultBrowser method to minimize the risk of exploitation. For RealPlayer SP versions 1.0 through 1.1.5, avoid using the OpenURLInDefaultBrowser method with untrusted filenames until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader (affected versions not specified) **Description** The issue concerns a remote code execution vulnerability related to the decompression of .fli files in U3D textures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader (affected versions not specified) **Description** The issue concerns a remote code execution vulnerability related to U3D texture rgba RLE decompression in Adobe Acrobat Reader. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in Adobe Acrobat Reader, specifically in the U3D Texture psd RLE Decompression. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in the U3D texture bmp RLE decompression of Adobe Acrobat Reader. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue concerns a remote code execution problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue arises from improper handling of objects in memory, allowing remote attackers to execute arbitrary code by accessing an object that was not properly initialized or has been deleted, leading to memory corruption. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, consider disabling access to specially crafted Web pages until a patch is available. Restrict user rights to minimize the risk of exploitation, as an attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user. Avoid viewing untrusted Web pages with Internet Explorer versions 6 through 8 to reduce the risk of remote code execution.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 SP1 through 8 **Description** A remote code execution issue exists due to improper initialization or deletion of an object, leading to memory corruption. This is related to the CStyleSheet object and the free of the root container. An attacker could exploit this by constructing a specially crafted Web page, potentially allowing remote code execution when a user views the page. If successfully exploited, an attacker could gain the same user rights as the logged-on user, and if the user has administrative rights, the attacker could take complete control of the system. **Recommendations** For Microsoft Internet Explorer versions 6 SP1 through 8, update to a version that is not affected by this issue to prevent remote code execution. As a temporary workaround, consider restricting access to Web pages from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27 **Description** The issue affects the Sound component, allowing remote attackers to impact confidentiality, integrity, and availability through unknown vectors. It is reportedly related to improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, potentially enabling remote attackers to execute arbitrary code. **Recommendations** For Oracle Java SE and Java for Business version 6 Update 18, update to a version that includes the fix for this issue. For Oracle Java SE and Java for Business version 5.0 Update 23, update to a version that includes the fix for this issue. For Oracle Java SE and Java for Business version 1.4.2 25, update to a version that includes the fix for this issue. For Oracle Java SE and Java for Business version 1.3.1 27, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Sound component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27 **Description** The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is claimed by a reliable researcher that this vulnerability is due to improper parsing of a crafted MIDI stream when creating a `MixerSequencer` object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory. **Recommendations** For Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27, consider disabling the `MixerSequencer` object until a patch is available to prevent exploitation. Restrict access to MIDI files to minimize the risk of remote code execution. Avoid using the affected Sound component in Oracle Java SE and Java for Business until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27 **Description** The issue affects the Sound component, allowing remote attackers to impact confidentiality, integrity, and availability through unknown vectors. It is claimed by a reliable researcher that this could be due to an uncontrolled array index, potentially enabling remote attackers to execute arbitrary code via a crafted MIDI file with a manipulated `MixerSequencer` object, related to the `GM Song` structure. **Recommendations** For Oracle Java SE and Java for Business version 6 Update 18, consider disabling the `MixerSequencer` object until a patch is available. For Oracle Java SE and Java for Business version 5.0 Update 23, restrict access to MIDI files to minimize the risk of exploitation. For Oracle Java SE and Java for Business version 1.4.2 25, avoid using the `MixerSequencer` object in sensitive operations until the issue is resolved. For Oracle Java SE and Java for Business version 1.3.1 27, consider applying configuration changes to limit the impact of potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue arises from improper handling of objects in memory, allowing remote attackers to execute arbitrary code by accessing an object that was not properly initialized or has been deleted, leading to memory corruption. A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For versions 6 through 8, consider disabling access to specially crafted Web pages until a patch is available. As a temporary workaround, restrict user rights to minimize the risk of exploitation. Avoid viewing untrusted Web pages with Internet Explorer until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 6.0.12.1040 through 6.0.12.1741 RealPlayer versions 11.0.0 through 11.0.4 RealPlayer Enterprise (affected versions not specified) Mac RealPlayer versions 10 and 10.1 Linux RealPlayer version 10 Helix Player versions 10.x **Description** The issue is a stack-based buffer overflow that allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file. This file contains a web.xmb file with crafted length values. **Recommendations** For RealPlayer versions 6.0.12.1040 through 6.0.12.1741, update to a version outside of this range to resolve the issue. For RealPlayer versions 11.0.0 through 11.0.4, update to a version later than 11.0.4 to resolve the issue. For RealPlayer Enterprise, Mac RealPlayer versions 10 and 10.1, Linux RealPlayer version 10, and Helix Player versions 10.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 21 Java Runtime Environment (JRE) versions 6.0 through 6.0 Update 16 SDK and JRE 1.3.x through 1.3.1 26 SDK and JRE 1.4.x through 1.4.2 23 **Description** The issue is related to a stack-based buffer overflow in the setDiffICM function within the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE). This allows remote attackers to execute arbitrary code via a crafted argument. **Recommendations** For Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 21, update to version 5.0 Update 22 or later. For Java Runtime Environment (JRE) versions 6.0 through 6.0 Update 16, update to version 6.0 Update 17 or later. For SDK and JRE 1.3.x through 1.3.1 26, update to version 1.3.1 27 or later. For SDK and JRE 1.4.x through 1.4.2 23, update to version 1.4.2 24 or later.

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 21 Java Runtime Environment (JRE) versions 6.0 through 6.0 Update 16 SDK and JRE 1.3.x through 1.3.1 26 SDK and JRE 1.4.x through 1.4.2 23 **Description** The issue is related to a heap-based buffer overflow in the setBytePixels function within the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE). This allows remote attackers to execute arbitrary code via crafted arguments. **Recommendations** For Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 21, update to version 5.0 Update 22 or later. For Java Runtime Environment (JRE) versions 6.0 through 6.0 Update 16, update to version 6.0 Update 17 or later. For SDK and JRE 1.3.x through 1.3.1 26, update to version 1.3.1 27 or later. For SDK and JRE 1.4.x through 1.4.2 23, update to version 1.4.2 24 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office XP Web Components SP3 Microsoft Office 2003 Web Components SP3 Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System Internet Security and Acceleration (ISA) Server 2004 SP3 Internet Security and Acceleration (ISA) Server 2006 SP1 Microsoft Office Small Business Accounting 2006 **Description** The issue is related to improper memory allocation by the Office Web Components ActiveX Control, allowing remote attackers to execute arbitrary code. This is achieved through unspecified vectors that trigger system state corruption. **Recommendations** For Microsoft Office XP SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office 2003 SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office XP Web Components SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office 2003 Web Components SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System, update to a version that properly allocates memory to prevent arbitrary code execution. For Internet Security and Acceleration (ISA) Server 2004 SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Internet Security and Acceleration (ISA) Server 2006 SP1, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office Small Business Accounting 2006, update to a version that properly allocates memory to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office XP Web Components SP3 Microsoft Office 2003 Web Components SP3 Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System Internet Security and Acceleration (ISA) Server 2004 SP3 Internet Security and Acceleration (ISA) Server 2006 SP1 Microsoft Office Small Business Accounting 2006 **Description** A heap-based buffer overflow issue exists in the Office Web Components ActiveX Control, allowing remote attackers to execute arbitrary code via unspecified parameters to unknown methods. **Recommendations** For Microsoft Office XP SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office XP Web Components SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 Web Components SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System, update to a newer version to mitigate the risk. For Internet Security and Acceleration (ISA) Server 2004 SP3, update to a newer version to mitigate the risk. For Internet Security and Acceleration (ISA) Server 2006 SP1, update to a newer version to mitigate the risk. For Microsoft Office Small Business Accounting 2006, update to a newer version to mitigate the risk.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 8 Description: The issue arises from the improper handling of attempts to access deleted objects in memory, allowing remote attackers to execute arbitrary code via an HTML document containing embedded style sheets. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. Recommendations: For Microsoft Internet Explorer versions 5.01 SP4 through 8, consider disabling the use of embedded style sheets in HTML documents until a patch is available. Restrict access to Web pages that could potentially exploit this issue to minimize the risk of remote code execution.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 6 SP1 Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 Description: The issue arises from the improper handling of attempts to access deleted objects in memory, allowing remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption. This can be exploited by constructing a specially crafted Web page, which when viewed by a user, could allow remote code execution. An attacker who successfully exploits this issue could gain the same user rights as the logged-on user, potentially taking complete control of an affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Recommendations: For Microsoft Internet Explorer 6 SP1, update to a version that properly handles memory objects to prevent exploitation. For Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2, apply the necessary patch to fix the memory corruption issue. For Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2, consider disabling the rendering of crafted HTML documents until a patch is available. As a temporary workaround, restrict access to Web pages that could potentially exploit this issue until the vulnerability is patched.