Alexander Gavrun

**Name of the Vulnerable Software and Affected Versions** IBM SPSS SamplePower version 3.0 before FP1 **Description** The issue is related to a buffer overflow in the vsflex7l ActiveX control, which allows remote attackers to execute arbitrary code. **Recommendations** For IBM SPSS SamplePower version 3.0, apply the fix provided in FP1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM SPSS SamplePower version 3.0 **Description** The issue is related to a buffer overflow in the c1sizer ActiveX control, which can be exploited to execute arbitrary code. This is achieved by providing a long `TabCaption` string. **Recommendations** For IBM SPSS SamplePower version 3.0, apply the fix provided in FP1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM SPSS SamplePower version 3.0 before FP1 **Description** The issue concerns buffer overflows in the Vsflex8l ActiveX control. Remote attackers can execute arbitrary code by providing a long value for either the `ComboList` or `ColComboList` property. **Recommendations** For IBM SPSS SamplePower version 3.0 before FP1, apply the FP1 patch to resolve the issue. As a temporary workaround, consider restricting access to the Vsflex8l ActiveX control to minimize the risk of exploitation. Avoid using long values for the `ComboList` or `ColComboList` properties in the affected ActiveX control until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted transform attribute in a `text3GTrack` element in a QuickTime TeXML file. **Recommendations** For versions prior to 7.7.3, update to version 7.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visio versions 2010 SP1 Microsoft Visio Viewer versions 2010 SP1 **Description** This issue allows remote attackers to execute arbitrary code via a crafted Visio file. It is a remote code execution vulnerability that enables an attacker to run arbitrary code as the current user. If the current user has administrative user rights, an attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Visio version 2010 SP1, update to a version that is not affected by this issue. For Microsoft Visio Viewer version 2010 SP1, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Visio files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.2 **Description** The issue is related to a heap-based buffer overflow that can be triggered by a crafted text track in a movie file, allowing remote attackers to execute arbitrary code or cause the application to crash. **Recommendations** For versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.2 **Description** The issue is related to multiple stack-based buffer overflows that can be triggered via crafted TeXML files, potentially allowing remote attackers to execute arbitrary code or cause a denial of service, such as an application crash. The vulnerability is exploited through the parsing of specific elements in TeXML files, including sampleData, transform attributes, Karaoke elements, and Style elements. **Recommendations** For Apple QuickTime versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to 4.0.2 **Description** The issue is related to multiple integer overflows in the tiff getimage.c file of LibTIFF, which can be exploited remotely. This can lead to the execution of arbitrary code via a crafted tile size in a TIFF file, resulting in a heap-based buffer overflow. The exploitation of these issues can compromise the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of LibTIFF until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WebKit versions prior to 5.1 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is a different issue than other WebKit vulnerabilities. **Recommendations** For WebKit versions prior to 5.1, update to version 5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A buffer overflow issue exists in the way the msvcrt DLL calculates buffer size, allowing remote code execution when a user opens a specially crafted media file. This could give an attacker complete control of the system if the user has administrative rights, enabling them to install programs, view, change, or delete data, or create new accounts. Users with fewer user rights may be less impacted. **Recommendations** For Microsoft Windows versions prior to the fixed version, apply the necessary patch to resolve the buffer overflow issue in msvcrt.dll. As a temporary workaround, consider restricting the use of Microsoft Windows Media Player to minimize the risk of exploitation.