Yuji Ukai

**Name of the Vulnerable Software and Affected Versions** Corega CG-WLBARAGM devices (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a reboot of the device, via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kingsoft Writer versions 2007 through 2010 before 2724 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a crafted RTF document. **Recommendations** For Kingsoft Writer versions 2007 through 2010 before 2724, update to version 2724 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers versions 6.x through 10.x NEC IP38X series routers versions 6.x through 10.x **Description** The issue is related to the improper handling of IP header options, which can be exploited by remote attackers to cause a denial of service. This is achieved by sending a crafted option that triggers access to an invalid memory location, resulting in a device reboot. **Recommendations** For Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers versions 6.x through 10.x, update the firmware to a version that properly handles IP header options. For NEC IP38X series routers versions 6.x through 10.x, update the firmware to a version that properly handles IP header options. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Linksys WRT54GC router versions prior to 1.06.1 **Description** The issue is related to a buffer overflow in the web-based management interface. This can be exploited by remote attackers who send a long string in a POST request, resulting in a denial of service where the device crashes. **Recommendations** For versions prior to 1.06.1, update the firmware to version 1.06.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Winny versions 2.0b7.1 and earlier **Description** The issue is related to the improper processing of BBS information, which can be exploited remotely. This might allow attackers to use the product's host for DDoS attacks. **Recommendations** For versions 2.0b7.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JustSystems Corporation Ichitaro versions 13, 2004 through 2009 JustSystems Corporation Ichitaro Viewer 2009 version 19.0.1.0 and earlier **Description** The issue allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter." **Recommendations** For JustSystems Corporation Ichitaro versions 13, 2004 through 2009, avoid using the software to open crafted Rich Text Files until a fix is available. For JustSystems Corporation Ichitaro Viewer 2009 version 19.0.1.0 and earlier, consider restricting the use of the viewer for RTF files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2000 SP3 through 2007 SP1 Works versions 8.5 through 9 Description: A buffer overflow issue exists in the Works for Windows document converters, allowing remote attackers to execute arbitrary code via a crafted Works .wps file. This could trigger memory corruption. The vulnerability could allow remote code execution if a user opens a specially crafted .wps file. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. Recommendations: For Microsoft Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Office 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2007 SP1, update to a version that includes the fix for this issue. For Works 8.5 and 9, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of the Works for Windows document converters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Becky! Internet Mail versions 2.48.02 and earlier **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request. **Recommendations** For versions 2.48.02 and earlier, update to a version later than 2.48.02 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SOURCENEXT Virus Security ZERO versions 9.5.0173 and earlier SOURCENEXT Virus Security versions 9.5.0173 and earlier Description: The issue allows remote attackers to cause a denial of service, potentially leading to memory consumption or application crash, via malformed compressed files. Recommendations: For SOURCENEXT Virus Security ZERO versions 9.5.0173 and earlier, update to a version later than 9.5.0173 to resolve the issue. For SOURCENEXT Virus Security versions 9.5.0173 and earlier, update to a version later than 9.5.0173 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Juniper NetScreen IVE device versions prior to 4.2r8.1 Juniper NetScreen IVE device versions 5.0 prior to 5.0r6.1 Juniper NetScreen IVE device versions 5.1 prior to 5.1r8 Juniper NetScreen IVE device versions 5.2 prior to 5.2r4.1 Juniper NetScreen IVE device versions 5.3 prior to 5.3r2.1 **Description** A buffer overflow issue exists in the JuniperSetupDLL.dll, which is loaded by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device. This issue allows remote attackers to execute arbitrary code via a long argument in the `ProductName` parameter. **Recommendations** For versions prior to 4.2r8.1, update to version 4.2r8.1 or later. For versions 5.0 prior to 5.0r6.1, update to version 5.0r6.1 or later. For versions 5.1 prior to 5.1r8, update to version 5.1r8 or later. For versions 5.2 prior to 5.2r4.1, update to version 5.2r4.1 or later. For versions 5.3 prior to 5.3r2.1, update to version 5.3r2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Windows NT Windows 2000 through SP4 Windows XP through SP1 Windows 2003 **Description** The issue allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, leading to a stack-based buffer overflow in the Windows Animated Cursor (ANI) capability. **Recommendations** For Windows NT, consider applying security patches or updates to fix the issue. For Windows 2000 through SP4, update to a newer service pack or apply a security patch. For Windows XP through SP1, update to a newer service pack or apply a security patch. For Windows 2003, consider applying security patches or updates to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Windows NT 4.0 Windows 2000 Windows XP Windows Server 2003 **Description** The issue arises from the improper validation of certain SMB packets in the Server Message Block implementation. This allows remote attackers to execute arbitrary code via Transaction responses containing Trans or Trans2 commands. Specifically, it can be exploited using Trans2 FIND FIRST2 responses with large file name length fields. **Recommendations** For Windows NT 4.0, consider disabling SMB services until a fix is available. For Windows 2000, restrict access to the Trans and Trans2 commands to minimize the risk of exploitation. For Windows XP, avoid using the Trans2 FIND FIRST2 response with large file name length fields in SMB packets until the issue is resolved. For Windows Server 2003, as a temporary workaround, consider limiting the file name length fields in Trans2 responses to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP Microsoft Windows XP 64-bit Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 64-bit Edition **Description** The issue is related to an integer overflow in DUNZIP32.DLL, which allows remote attackers to execute arbitrary code. This is made possible by compressed (zipped) folders that involve an "unchecked buffer" and improper length validation. **Recommendations** For Microsoft Windows XP, consider applying security updates or patches to resolve the issue. For Microsoft Windows XP 64-bit Edition, apply the relevant security fixes to prevent exploitation. For Microsoft Windows Server 2003, ensure that all security patches are applied to mitigate the risk. For Microsoft Windows Server 2003 64-bit Edition, update with the latest security updates to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Windows NT 4.0 Windows 2000 Windows XP **Description** The issue is related to multiple integer overflows in the Microsoft ASN.1 library, which can be exploited by remote attackers to execute arbitrary code. This is achieved through ASN.1 BER encodings with very large length fields, causing arbitrary heap data to be overwritten, or through modified bit strings. **Recommendations** For Windows NT 4.0, apply the necessary patch to fix the integer overflows in the Microsoft ASN.1 library. For Windows 2000, apply the necessary patch to fix the integer overflows in the Microsoft ASN.1 library. For Windows XP, apply the necessary patch to fix the integer overflows in the Microsoft ASN.1 library.

Name of the Vulnerable Software and Affected Versions: Windows Workstation Service (WKSSVC.DLL) (affected versions not specified) Description: The issue is related to a stack-based buffer overflow in a logging function. This allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file, specifically "NetSetup.LOG". The NetAddAlternateComputerName API is used to demonstrate this. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Basic for Applications (VBA) SDK versions 5.0 through 6.3 Description: A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a document with a long `ID` parameter. Recommendations: For Microsoft Visual Basic for Applications (VBA) SDK versions 5.0 through 6.3, at the moment, there is no information about a newer version that contains a fix for this issue.