Sowhat

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Vista versions Gold through SP1 **Description** A remote code execution issue exists in the Bluetooth stack due to incorrect handling of a large number of service description requests. This could allow an attacker to run code with elevated privileges, potentially taking complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows XP versions SP2 through SP3, update to a version that correctly handles service description requests to prevent exploitation. For Microsoft Windows Vista versions Gold through SP1, update to a version that correctly handles service description requests to prevent exploitation. As a temporary workaround, consider disabling Bluetooth functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Malware Protection Engine versions 1.1.3520.0 and 0.1.13.192 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically disk space exhaustion, by utilizing a file with crafted data structures. This triggers the creation of large temporary files. **Recommendations** For version 1.1.3520.0, update to a version that addresses the issue. For version 0.1.13.192, update to a version that addresses the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Malware Protection Engine versions 1.1.3520.0 and 0.1.13.192 **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in the engine hanging and restarting, via a crafted file. **Recommendations** For version 1.1.3520.0, update to a version that contains a fix for this issue. For version 0.1.13.192, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.5 **Description** The issue is related to an integer overflow that can be triggered by a crafted QuickTime movie containing a User Data Atom (UDTA) with a large value in the Atom size field. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code. **Recommendations** For versions prior to 7.1.5, update to version 7.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Office (affected versions not specified) **Description** A remote code execution issue exists due to the way Office handles files with malformed records. An attacker could exploit this when Office parses such a file, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to an integer overflow in Apple QuickTime, which allows remote attackers to execute arbitrary code via a crafted H.264 movie file. A local overflow exists due to the program's failure to validate H.264 movie files, resulting in an integer or buffer overflow. This can be exploited with a specially crafted file, leading to arbitrary code execution and a loss of integrity. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of H.264 movie files until the update is applied. Restrict access to untrusted H.264 movie files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to an integer overflow that occurs when handling crafted H.264 movie files. This allows remote attackers to execute arbitrary code, potentially leading to a loss of integrity. The problem arises from the program's failure to properly validate H.264 movie files, resulting in a buffer or integer overflow. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of H.264 movie files until the update is applied. Restrict access to potentially malicious movie files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft PowerPoint versions 2000 through 2003 **Description** A remote code execution issue exists in PowerPoint, potentially due to a buffer overflow, which could be exploited when a file containing a malformed record is parsed by PowerPoint. This could occur through a specially crafted PowerPoint file, possibly included in an e-mail attachment or hosted on a malicious web site, allowing an attacker to execute arbitrary commands. **Recommendations** For Microsoft PowerPoint versions 2000 through 2003, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 through 2004 **Description** A remote code execution issue exists due to the processing of a malformed OBJECT record in Excel. This allows an attacker to execute arbitrary code via a specially crafted .xls file. An attacker could exploit this by constructing a malicious Excel file, potentially leading to remote code execution. **Recommendations** For Microsoft Excel versions 2000 through 2004, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Magic ISO version 5.0 Build 0166 **Description** A directory traversal issue allows remote attackers to write arbitrary files by including a .. (dot dot) in a filename within an ISO image. **Recommendations** For Magic ISO version 5.0 Build 0166, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict the ability to create or modify ISO images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UltraISO version 8.0.0.1392 **Description** The issue allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image, potentially leading to unauthorized file system modifications. **Recommendations** For UltraISO version 8.0.0.1392, consider avoiding the use of ISO images from untrusted sources until a patch is available. As a temporary workaround, restrict access to sensitive file systems to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PowerISO version 2.9 **Description** A directory traversal issue allows remote attackers to write arbitrary files by including a .. (dot dot) in a filename within an ISO image. **Recommendations** For PowerISO version 2.9, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 6 **Description** A remote code execution issue exists due to the way Internet Explorer handles double-byte characters in specially crafted URLs. This could allow an attacker to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS). An attacker could exploit this by constructing a malicious Web page, potentially allowing remote code execution if a user visits the site. A successful exploitation could give the attacker complete control of the affected system. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 6, consider avoiding the use of double-byte characters in URLs until a patch is available. As a temporary workaround, restrict access to potentially malicious websites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 6.0.12.1040 through 6.0.12.1348 RealPlayer 10 RealOne Player v2 RealOne Player v1 RealPlayer 8 RealPlayer Enterprise before 20060322 **Description** A buffer overflow issue exists, allowing remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. **Recommendations** For RealPlayer versions 6.0.12.1040 through 6.0.12.1348, update to a version outside of this range to resolve the issue. For RealPlayer 10, consider upgrading to a newer version to mitigate the risk. For RealOne Player v2 and RealOne Player v1, restrict the use of malicious Mimio boardCast (mbc) files until a patch is available. For RealPlayer 8, avoid using the vulnerable component until a fix is provided. For RealPlayer Enterprise before 20060322, update to a version 20060322 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 10.x RealOne Player (affected versions not specified) Rhapsody version 3 Helix Player (affected versions not specified) **Description** The issue is related to a buffer overflow in the swfformat.dll component. This can be exploited by remote attackers through a crafted SWF (Flash) file, allowing them to execute arbitrary code. The exploitation can occur via a size value in the SWF file that is less than the actual size, or through other unspecified manipulations of the file. **Recommendations** For RealPlayer version 10.x, update to a version that includes a fix for the buffer overflow in swfformat.dll. For RealOne Player, Rhapsody version 3, and Helix Player, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinAmp (affected versions not specified) **Description** A remote overflow issue exists due to the application's failure to perform proper bounds checking, resulting in a buffer overflow. This can be triggered by a specially crafted *.m3u and/or *.pls file with an ending filename having the *.wma extension. A remote attacker can cause arbitrary code execution or crash the application, leading to a loss of integrity and/or availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinEggDropShell remote access trojan (RAT) version 1.7 **Description** The issue allows remote attackers to execute arbitrary code due to multiple buffer overflows. This can be achieved via a long GET request to the "HTTP server" endpoint, or a long `USER` or `PASS` command to the "FTP server" endpoint. **Recommendations** For WinEggDropShell remote access trojan (RAT) version 1.7, consider disabling the HTTP server and FTP server until a patch is available to prevent exploitation. Restrict access to the `USER` and `PASS` commands in the FTP server to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BNBT EasyTracker versions 7.7r3.2004.10.27 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in an application hang. This can be achieved by sending an HTTP header that contains only a colon (:), which may lead to an integer signedness error due to the absence of a field name or value. **Recommendations** For BNBT EasyTracker versions 7.7r3.2004.10.27 and earlier, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict access to the HTTP header processing functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LeapFTP (affected versions not specified) **Description** The issue is related to a buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by using a long Host string in a Site Queue (.lsq) file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oray PeanutHull versions 3.0.1.0 and earlier **Description** The issue allows local users to gain privileges by accessing the Help functionality due to the software not properly dropping SYSTEM privileges when launched from the system tray. **Recommendations** For Oray PeanutHull versions 3.0.1.0 and earlier, consider restricting access to the Help functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.