Chris Ries

**Name of the Vulnerable Software and Affected Versions** Mac OS X version 10.6 before 10.6.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. This can lead to application crashes or potentially more severe consequences. **Recommendations** For Mac OS X version 10.6 before 10.6.4, update to version 10.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 8 Developer Tools versions in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 **Description** The issue allows remote attackers to execute arbitrary code via unknown vectors that corrupt the system state. A remote code execution vulnerability exists in the ActiveX control, Microsoft Internet Explorer 8 Developer Tools, which could be exploited by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution, potentially giving an attacker the same user rights as the logged-on user. **Recommendations** For Microsoft Internet Explorer 8 Developer Tools in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1, consider disabling the ActiveX control until a patch is available to prevent remote code execution. As a temporary workaround, restrict access to Web pages that could potentially exploit this vulnerability to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.3 **Description** The issue is related to a heap-based buffer overflow in the ImageIO component of Apple Mac OS X, which can be triggered by a crafted JP2 (JPEG2000) image. This is due to an incorrect calculation and the `CGImageReadGetBytesAtOffset` function. The overflow can allow remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For Apple Mac OS X versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of JPEG2000 images until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.3 **Description** A buffer overflow issue in the Image RAW component of Apple Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via a crafted PEF image. **Recommendations** For versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenSAML versions 2.0 through 2.2.0 XMLTooling versions 1.0 through 1.2.0 Internet2 Shibboleth Service Provider versions 2.0 through 2.2.0 **Description** The issue allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. This is due to not following the KeyDescriptor element's Use attribute. **Recommendations** For OpenSAML versions 2.0 through 2.2.0, update to version 2.2.1 or later. For XMLTooling versions 1.0 through 1.2.0, update to version 1.2.1 or later. For Internet2 Shibboleth Service Provider versions 2.0 through 2.2.0, update to version 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Internet2 Shibboleth Service Provider software versions 1.3.x through 1.3.2 Internet2 Shibboleth Service Provider software versions 2.x through 2.2.0 **Description** The issue arises when the software uses PKIX trust validation and fails to properly handle a '0' character in the subject or subjectAltName fields of a certificate. This allows remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. **Recommendations** For versions 1.3.x through 1.3.2, update to version 1.3.3 or later. For versions 2.x through 2.2.0, update to version 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** nginx versions 0.1.0 through 0.5.37 nginx versions 0.6.x before 0.6.39 nginx versions 0.7.x before 0.7.62 nginx versions 0.8.x before 0.8.15 **Description** A buffer underflow issue in the src/http/ngx http parse.c file allows remote attackers to execute arbitrary code via crafted HTTP requests. **Recommendations** For versions 0.1.0 through 0.5.37, update to a version after 0.5.37. For versions 0.6.x before 0.6.39, update to version 0.6.39 or later. For versions 0.7.x before 0.7.62, update to version 0.7.62 or later. For versions 0.8.x before 0.8.15, update to version 0.8.15 or later.

**Name of the Vulnerable Software and Affected Versions** Java for Mac OS X version 10.5 before Update 5 **Description** The issue is a stack-based buffer overflow in the Java Web Start command launcher, allowing attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via unspecified vectors. **Recommendations** For Java for Mac OS X version 10.5 before Update 5, update to Update 5 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions prior to 10.5.8 Apple Mac OS X version 10.4 before Digital Camera RAW Compatibility Update 2.6 Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Canon RAW image. This is due to a stack-based buffer overflow in Image RAW. Recommendations: For Apple Mac OS X versions prior to 10.5.8, update to version 10.5.8 or later. For Apple Mac OS X version 10.4, apply Digital Camera RAW Compatibility Update 2.6 or later.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.4.11 through 10.5.4 Description: A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a document containing a crafted font, related to PostScript font names. Recommendations: For Apple Mac OS X versions 10.4.11 through 10.5.4, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.4 **Description** The issue is related to a buffer overflow that can be triggered by a crafted compressed PICT image during decoding, allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to 7.4, update to version 7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Web Components 2000 (affected versions not specified) **Description** The issue concerns an unspecified vulnerability in certain COM objects. It allows user-assisted remote attackers to execute arbitrary code via a crafted URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft PowerPoint (affected versions not specified) **Description** A remote code execution issue exists and could be exploited when a specially crafted file is opened. This file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit this issue by constructing a specially crafted PowerPoint file that could allow remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions 8.54 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a JPEG image with large height and width values. This is due to an integer overflow, which causes less memory to be allocated than intended. **Recommendations** For Opera versions 8.54 and earlier, update to a version later than 8.54 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ntp versions prior to 4.2.4p7 ntp versions prior to 4.2.5p74 **Description** The issue concerns multiple vulnerabilities in the ntp package, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in the `crypto recv` function in `ntpd`, which allows remote attackers to execute arbitrary code via a crafted packet containing an extension field when OpenSSL and autokey are enabled. **Recommendations** For ntp versions prior to 4.2.4p7, update to version 4.2.4p7 or later to resolve the issue. For ntp versions prior to 4.2.5p74, update to version 4.2.5p74 or later to resolve the issue. As a temporary workaround, consider disabling the `crypto recv` function until a patch is available. Restrict access to the ntp service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libopenexr6 versions (affected versions not specified) libopenexr2c2a versions (affected versions not specified) libopenexr-dev versions (affected versions not specified) OpenEXR version 1.2.2 **Description** The issue affects the compression implementation in OpenEXR, allowing context-dependent attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. **Recommendations** For libopenexr6, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libopenexr2c2a, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libopenexr-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For OpenEXR version 1.2.2, consider updating to a version that fixes the heap-based buffer overflow in the compression implementation to prevent potential denial of service or arbitrary code execution.