Beenu Arora

**Name of the Vulnerable Software and Affected Versions** Microsoft Visio version 2003 SP3 **Description** The issue allows local users to gain privileges via a Trojan horse `mfc71enu.dll` file in the current working directory. This can be demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file. A remote code execution vulnerability exists in the way that Microsoft Visio handles the loading of DLL files, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Visio version 2003 SP3, as a temporary workaround, consider restricting access to the `mfc71enu.dll` file until a patch is available. Avoid using directories that contain .vsd, .vdx, .vst, or .vtx files in the current working directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Progman Group Converter (affected versions not specified) **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This is achieved via a Trojan horse imm.dll located in the same folder as a .grp file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista SP1 and SP2 **Description** The issue allows local users to gain privileges via a Trojan horse `fveapi.dll` file in the current working directory. A remote code execution vulnerability exists in the way that the Microsoft Windows Backup Manager handles the loading of DLL files. An attacker who successfully exploited this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista SP1 and SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Groove 2007 SP2 **Description** The issue allows local users to gain privileges via a Trojan horse `mso.dll` or `GroovePerfmon.dll` file in the current working directory. This can be demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file. **Recommendations** For Microsoft Groove 2007 SP2, consider restricting access to the `mso.dll` and `GroovePerfmon.dll` files to minimize the risk of exploitation. Avoid using directories that contain Groove vCard (.vcg) or Groove Tool Archive (.gta) files with potentially untrusted search paths until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TeamMate Audit Management Software Suite version 8.0 patch 2 **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse `mfc71enu.dll` that is located in the same folder as a .tmx file. **Recommendations** For TeamMate Audit Management Software Suite version 8.0 patch 2, consider restricting access to the `mfc71enu.dll` file to minimize the risk of exploitation. Additionally, avoid using untrusted search paths until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Harlandscripts Pro Traffic One (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `trg` parameter in the "mypage.php" file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FAR-PHP version 1.00 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the `c` parameter. **Recommendations** For FAR-PHP version 1.00, consider disabling the use of the `c` parameter in the index.php file until a patch is available, or enable magic quotes gpc to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft SQL Server 2000 (aka SQL Server 8.0) **Description** A buffer overflow issue exists in the SQLVDIRLib.SQLVDirControl ActiveX control, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code. This is achieved by providing a long URL in the second argument to the `Connect` method. However, in many environments, this issue may not be considered a vulnerability due to the control not being marked as safe for scripting and default Internet Explorer settings preventing its execution. **Recommendations** For Microsoft SQL Server 2000, consider restricting access to the SQLVDIRLib.SQLVDirControl ActiveX control to minimize the risk of exploitation. As a temporary workaround, avoid using the `Connect` method with long URLs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.