Adriel T. Desautels

Name of the Vulnerable Software and Affected Versions: Apple Core Image Fun House version 2.0 and earlier Description: The issue allows user-assisted attackers to execute arbitrary code or cause a denial of service via a .funhouse file with a string XML element that contains many characters. This is due to a buffer overflow in Apple Core Image Fun House. Recommendations: For Apple Core Image Fun House version 2.0 and earlier, update to a version later than 2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Maia Mailguard versions 1.0.2 and earlier **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in various parameters to specific API endpoints, such as the `prevlang` and `super` parameters to "php/login.php", the `charset` parameter to "php/login.php", "php/internal-init.php", and "php/xlogin.php", the `lang` parameter to "php/internal-init.php", and the `language` parameter to "php/xlogin.php". **Recommendations** For Maia Mailguard versions 1.0.2 and earlier, consider restricting access to the affected API endpoints, such as "php/login.php", "php/internal-init.php", and "php/xlogin.php", until a patch is available. As a temporary workaround, avoid using the `prevlang`, `super`, `charset`, `lang`, and `language` parameters in the affected endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple OS X (affected versions not specified) **Description** A buffer overflow issue exists in the kextload component of Apple OS X, which is utilized by TDIXSupport in Roxio Toast Titanium and possibly other products. This issue allows local users to execute arbitrary code by providing a long extension argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Deja Vu as used in Roxio Toast Titanium version 7 **Description** A race condition issue exists, allowing local users to execute arbitrary code via temporary files, including dejavu manual.rb, which are executed with raised privileges. **Recommendations** For Deja Vu as used in Roxio Toast Titanium version 7, consider restricting access to temporary files, including dejavu manual.rb, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apple OS X (affected versions not specified) Description: The issue is related to a format string vulnerability in the prelink.c file of kextload, which is used by TDIXSupport in Roxio Toast Titanium and possibly other products. This vulnerability allows local users to execute arbitrary code via format string specifiers in the extension argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.