Yamata Li

**Nome do software vulnerável e versões afetadas: Versões 8.0 do PAN-OS Versões do PAN-OS 8.1 anteriores à 8.1.15 Versões do PAN-OS 9.0 anteriores à 9.0.9 Versões do PAN-OS 9.1 anteriores à 9.1.3 Descrição: Uma vulnerabilidade de estouro de buffer no PAN-OS está relacionada à falta de verificação do tamanho dos dados de entrada. Esse problema pode ser explorado por um invasor não autenticado para interromper processos do sistema e, potencialmente, executar código arbitrário com privilégios de root, enviando uma solicitação maliciosa para a interface “Captive Portal” ou “Autenticação Multifatorial”. Recomendações: Para o PAN-OS versão 8.0, atualize para uma versão posterior à 8.0. Para versões do PAN-OS 8.1 anteriores à 8.1.15, atualize para a versão 8.1.15 ou posterior. Para versões do PAN-OS 9.0 anteriores à 9.0.9, atualize para a versão 9.0.9 ou posterior. Para versões do PAN-OS 9.1 anteriores à 9.1.3, atualize para a versão 9.1.3 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Palo Alto Networks PAN-OS anteriores à 8.1.16 Versões do Palo Alto Networks PAN-OS 9.0 anteriores à 9.0.10 Versões do Palo Alto Networks PAN-OS 9.1 anteriores à 9.1.3 **Descrição** Pode ocorrer uma exposição de informações por meio de uma vulnerabilidade no arquivo de log, na qual a senha de um administrador ou outras informações confidenciais são registradas em texto simples durante o uso da CLI no software Palo Alto Networks PAN-OS. O arquivo opcmdhistory.log, que rastreia o uso de comandos operacionais, não ocultava todas as informações confidenciais. Este problema foi resolvido no PAN-OS 9.1 e versões posteriores, nas quais o arquivo opcmdhistory.log foi removido e o uso de comandos é registrado no arquivo req stats.log. **Recomendações** Para versões do PAN-OS 8.1 anteriores à 8.1.16, atualize para o PAN-OS 8.1.16 ou posterior. Para versões do PAN-OS 9.0 anteriores à 9.0.10, atualize para o PAN-OS 9.0.10 ou posterior. Para versões do PAN-OS 9.1 anteriores à 9.1.3, atualize para o PAN-OS 9.1.3 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do PAN-OS anteriores à 9.1.3 Versões do PAN-OS anteriores à 8.1.15 Versões do PAN-OS anteriores à 9.0.9 PAN-OS 8.0 (todas as versões) PAN-OS 7.1 (todas as versões) **Descrição** Uma vulnerabilidade de injeção de comando no sistema operacional no portal GlobalProtect permite que um invasor não autenticado, baseado na rede, execute comandos arbitrários do sistema operacional com privilégios de root. O invasor precisa ter algum conhecimento sobre o firewall ou pode realizar ataques de força bruta para explorar essa vulnerabilidade. Essa vulnerabilidade não pode ser explorada se o recurso do portal GlobalProtect não estiver habilitado. A Palo Alto Networks não tem conhecimento de nenhuma tentativa maliciosa de explorar essa vulnerabilidade. **Recomendações** Para versões do PAN-OS 9.1 anteriores à 9.1.3, atualize para a versão 9.1.3 ou posterior. Para versões do PAN-OS 8.1 anteriores à 8.1.15, atualize para a versão 8.1.15 ou posterior. Para versões do PAN-OS 9.0 anteriores à 9.0.9, atualize para a versão 9.0.9 ou posterior. Para o PAN-OS 8.0 e o PAN-OS 7.1, considere atualizar para uma versão mais recente do PAN-OS que não seja vulnerável a este problema. Como solução alternativa temporária, considere desativar o recurso do portal GlobalProtect até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions XP SP3, 2003 SP3 **Description** A buffer overflow issue exists in the way Microsoft Office handles CGM image files, allowing remote attackers to execute arbitrary code via a crafted CGM image in an Office document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Office XP SP3, update to a version that fixes the buffer overflow issue in the CGM image converter. For Microsoft Office 2003 SP3, update to a version that fixes the buffer overflow issue in the CGM image converter. As a temporary workaround, consider avoiding the use of CGM image files in Office documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office Converter Pack **Description** The issue is related to an integer overflow in the PICT image converter, allowing remote attackers to execute arbitrary code via a crafted PICT image in an Office document. A remote code execution vulnerability exists in the way that Microsoft Office allocates buffer size when handling PICT image files. If a user opens an Office document containing a specially crafted PICT image, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office XP SP3, update to a version that fixes the integer overflow in the PICT image converter. For Microsoft Office 2003 SP3, update to a version that fixes the integer overflow in the PICT image converter. For Microsoft Office Converter Pack, update to a version that fixes the integer overflow in the PICT image converter. As a temporary workaround, consider avoiding the use of PICT image files in Office documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A remote code execution issue exists in the way Microsoft MPEG Layer-3 codecs handle AVI media files. This could allow remote code execution if a user opens a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights. **Recommendations** For Microsoft Windows versions prior to the fixed version, apply the necessary patch to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c Description: The issue arises from the QuickTime Movie Parser Filter in quartz.dll, which fails to properly validate size fields in QuickTime media files. This allows remote attackers to execute arbitrary code via a crafted file. Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the QuickTime Movie Parser Filter in DirectShow to minimize the risk of arbitrary code execution.

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c Description: The issue concerns the QuickTime Movie Parser Filter in quartz.dll, which is part of DirectShow in Microsoft DirectX. It allows remote attackers to execute arbitrary code via a crafted QuickTime media file due to improper validation of unspecified data values when updating pointers. Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, consider restricting the use of the QuickTime Movie Parser Filter until a patch is available. As a temporary workaround, avoid using the affected filter to parse QuickTime media files.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 **Description** The issue concerns the WebDAV extension in Microsoft Internet Information Services (IIS) 5.0, which fails to properly decode URLs. This allows remote attackers to bypass authentication and potentially read or create files by sending a crafted HTTP request. **Recommendations** For Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4, consider disabling the WebDAV extension as a temporary workaround until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Agent version 2.0.0.3425 Description: A stack-based buffer overflow issue exists in the way Microsoft Agent handles certain specially crafted URLs, allowing remote attackers to execute arbitrary code. This issue is triggered via a crafted URL to the Agent (Agent.Control) ActiveX control, leading to an overflow within the Agent Service (agentsrv.exe) process. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. Recommendations: For Microsoft Agent version 2.0.0.3425, consider restricting access to the Agent Service (agentsrv.exe) process until a patch is available. As a temporary workaround, avoid using the Agent (Agent.Control) ActiveX control with crafted URLs.