Rodrigo Rubira Branco

**Name of the Vulnerable Software and Affected Versions** Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors (affected versions not specified) **Description** The issue is related to insufficient memory protection, which may allow a privileged user to potentially enable escalation of privilege via local access. It is also described as a buffer overflow issue in the microcode of Intel Core and Intel Xeon processors, where exploitation could allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics **Description** The issue is related to insufficient access control in the protected memory subsystem, which may allow a privileged user to potentially enable information disclosure via local access. This could lead to the exposure of protected information. **Recommendations** For Intel(R) SGX on 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families: update the microcode to ensure proper access control. For Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families: apply the recommended configuration changes to restrict local access. For Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics: restrict access to sensitive information until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.2 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted .pict file. **Recommendations** For versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3 through 2003 SP3 Office versions 2004 through 2008 for Mac Open XML File Format Converter for Mac (affected versions not specified) **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, potentially allowing an attacker to execute arbitrary code or cause a denial of service due to memory corruption via a crafted HLink record. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2002 SP3 through 2003 SP3, update to a version that is not affected by this issue. For Office versions 2004 through 2008 for Mac, update to a version that is not affected by this issue. For Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Solaris versions 8 through 10 **Description** The issue affects confidentiality, integrity, and availability, and is related to the CDE Calendar Manager Service Daemon and RPC. It is claimed by a reliable third party to be a buffer overflow in `rpc.cmsd` via long XDR-encoded ASCII strings in RPC call 10. **Recommendations** For Oracle Solaris versions 8 through 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LiveZilla version 3.2.0.2 **Description** A cross-site scripting (XSS) issue exists in the lz tracking set sessid function, allowing remote attackers to inject arbitrary web script or HTML via the `livezilla` parameter in a track action to "server.php". **Recommendations** For LiveZilla version 3.2.0.2, consider disabling the `lz tracking set sessid` function until a patch is available. Restrict access to the "server.php" endpoint to minimize the risk of exploitation. Avoid using the `livezilla` parameter in the track action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Radius Manager version 3.8.0 **Description** The issue allows remote authenticated administrators to inject arbitrary web script or HTML. This can be achieved via the `name` or `descr` parameter in an "update usergroup" or "store nas" action to "admin.php". **Recommendations** For Radius Manager version 3.8.0, consider restricting access to the "admin.php" endpoint until a patch is available, and avoid using the `name` and `descr` parameters in the "update usergroup" and "store nas" actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** A remote code execution issue exists due to improper handling of objects in memory when using Microsoft Word to read Word documents. This allows attackers to execute arbitrary code by accessing an object that was not properly initialized or has been deleted, leading to memory corruption. An attacker could exploit this by convincing a user to view a specially crafted Word document, potentially gaining the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, consider restricting the use of Microsoft Word to read Word documents until a patch is available. As a temporary workaround, avoid viewing specially crafted Word documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.5.8 through 10.6.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF file. This is due to a heap-based buffer overflow in CoreGraphics. **Recommendations** For Apple Mac OS X versions 10.5.8 through 10.6.4, update to a version that contains a fix for this issue to prevent remote attackers from executing arbitrary code or causing a denial of service.

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 6.1, 5.3 and earlier IBM VIOS versions 2.1, 1.5 and earlier NFS/ONCplus B.11.31 09 and earlier on HP HP-UX versions B.11.11, B.11.23, and B.11.31 SGI IRIX version 6.5 **Description** The issue allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. This is due to a format string vulnerability in the msgout function in rpc.pcnfsd. **Recommendations** For IBM AIX versions 6.1, 5.3 and earlier, update to a version that fixes the format string vulnerability in the msgout function. For IBM VIOS versions 2.1, 1.5 and earlier, update to a version that fixes the format string vulnerability in the msgout function. For NFS/ONCplus B.11.31 09 and earlier on HP HP-UX versions B.11.11, B.11.23, and B.11.31, update to a version that fixes the format string vulnerability in the msgout function. For SGI IRIX version 6.5, update to a version that fixes the format string vulnerability in the msgout function.

**Name of the Vulnerable Software and Affected Versions** GhostScript versions 8.64 through 8.70 **Description** A stack-based buffer overflow in the parser function allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. **Recommendations** For GhostScript versions 8.64 through 8.70, update to a version that contains a fix for this issue to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 5.x through 5.3.10 IBM AIX versions 6.x through 6.1.3 VIOS versions 2.1 and earlier **Description** A stack-based buffer overflow issue exists in the libcsa.a library, which is part of the calendar daemon. This issue can be exploited by remote attackers who send a long XDR string in the first argument to procedure 21 of rpc.cmsd, allowing them to execute arbitrary code. **Recommendations** For IBM AIX versions 5.x through 5.3.10, update to a version later than 5.3.10 to resolve the issue. For IBM AIX versions 6.x through 6.1.3, update to a version later than 6.1.3 to resolve the issue. For VIOS versions 2.1 and earlier, update to a version later than 2.1 to resolve the issue. As a temporary workaround, consider restricting access to the rpc.cmsd procedure 21 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DragonFlyBSD (affected versions not specified) FreeBSD version 5.5 MidnightBSD versions prior to 0.1-CURRENT 20061115 NetBSD versions prior to 4.0 20061203 NetBSD-current versions prior to 20061116 TrustedBSD (affected versions not specified) **Description** The issue is caused by an integer signedness error in the `fw ioctl` function, specifically when handling certain negative values of `crom buf->len` in an `FW GCROM` command. This allows local users to read arbitrary memory contents. **Recommendations** For DragonFlyBSD, at the moment, there is no information about a newer version that contains a fix for this issue. For FreeBSD version 5.5, at the moment, there is no information about a newer version that contains a fix for this issue. For MidnightBSD versions prior to 0.1-CURRENT 20061115, at the moment, there is no information about a newer version that contains a fix for this issue. For NetBSD versions prior to 4.0 20061203, at the moment, there is no information about a newer version that contains a fix for this issue. For NetBSD-current versions prior to 20061116, at the moment, there is no information about a newer version that contains a fix for this issue. For TrustedBSD, at the moment, there is no information about a newer version that contains a fix for this issue.