Yag Kohha

**Name of the Vulnerable Software and Affected Versions** LogMeIn Remote Access Utility (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service by setting the `fgcolor` and `bgcolor` properties to certain long values, triggering memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (JRE) version 1.6.0 X **Description** The issue is related to a buffer overflow in the Sun Java Web Start ActiveX control. This occurs when a long argument is passed to the `dnsResolve` method, potentially allowing remote attackers to have an unknown impact. **Recommendations** For Java Runtime Environment (JRE) version 1.6.0 X, consider restricting access to the `dnsResolve` method as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: TeamSpeak WebServer version 2.0 for Windows Description: The issue allows remote attackers to cause a denial of service, consuming CPU and memory, by sending requests with long `username` and `password` parameters to the "login.tscmd" endpoint on TCP port 14534. This is due to the lack of validation of parameter value lengths and the failure to expire TCP sessions. Recommendations: For TeamSpeak WebServer version 2.0 for Windows, consider restricting access to the "login.tscmd" endpoint on TCP port 14534 to minimize the risk of exploitation. As a temporary workaround, restrict the length of `username` and `password` parameters to prevent excessive CPU and memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MDAC versions 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 ADODB.Connection versions 2.7 and 2.8 Description: The issue is related to the Execute method in the ADODB.Connection ActiveX control objects. It does not properly track freed memory when the second argument is a BSTR. This allows remote attackers to cause a denial of service, such as an Internet Explorer crash, and possibly execute arbitrary code via certain strings in the second and third arguments. Recommendations: For MDAC versions 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1, consider disabling the Execute method in the ADODB.Connection ActiveX control objects until a patch is available. For ADODB.Connection versions 2.7 and 2.8, restrict access to the Execute method to minimize the risk of exploitation.