Cody Pierce

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint 2003 SP3 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted PowerPoint document. This is a remote code execution issue that could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office PowerPoint 2003 SP3, consider avoiding the use of crafted PowerPoint files until a patch is available. As a temporary workaround, restrict the handling of specially crafted PowerPoint files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 2000 SP4 **Description** The issue allows remote attackers to execute arbitrary code via a specially crafted RPC message, which triggers a heap-based buffer overflow. This can be exploited by sending a specially crafted network message to a computer running the License Logging service, allowing an attacker to take complete control of the system. The exploitation does not require authentication. **Recommendations** For Microsoft Windows 2000 SP4, consider disabling the License Logging Server service until a patch is available to prevent exploitation. Restrict access to the LlsrLicenseRequestW method to minimize the risk of exploitation. Avoid using the License Logging service in untrusted networks until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Vista Gold Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions Gold through SP2 Microsoft Windows Server 2008 versions Gold through SP2 Description: A double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to certain systems, or cause a denial of service via a crafted RPC message to other systems. Recommendations: For Microsoft Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Gold, SP1, and SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 Gold and SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Workstation service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 2000 SP4 **Description** The issue is related to a heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service, allowing remote attackers to read memory contents and execute arbitrary code via a crafted RPC call. This is due to improper processing of parameters to string APIs. **Recommendations** For Microsoft Windows 2000 SP4, consider restricting access to the MSMQ service until a fix is available. As a temporary workaround, disabling the MSMQ service (mqsvc.exe) can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Unified Communications Manager versions 4.2 through 4.2(3)SR2 Cisco Unified Communications Manager versions 4.3 through 4.3(1)SR0 CallManager versions 4.0 through 4.1(3)SR5b **Description** A heap-based buffer overflow issue exists in the Certificate Trust List (CTL) Provider service, allowing remote attackers to potentially cause a denial of service or execute arbitrary code via a long request. **Recommendations** For Cisco Unified Communications Manager versions 4.2 through 4.2(3)SR2, update to version 4.2(3)SR3 or later. For Cisco Unified Communications Manager versions 4.3 through 4.3(1)SR0, update to version 4.3(1)SR1 or later. For CallManager versions 4.0 through 4.1(3)SR5b, update to version 4.1(3)SR5c or later.

Name of the Vulnerable Software and Affected Versions: Firebird SQL versions prior to 2.0.1 Description: The issue is related to a buffer overflow in the fbserver.exe component of Firebird SQL. This occurs when a large `p cnct count` value is sent in a `p cnct` structure within a connect request to port 3050/tcp. The problem is also linked to an InterBase version of the gds32.dll file. Recommendations: For Firebird SQL versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the fbserver.exe component or limiting the size of the `p cnct count` value in connect requests to port 3050/tcp until a patch is applied.

Name of the Vulnerable Software and Affected Versions: America Online version 9.0 Security Edition Description: The issue concerns the LinkSBIcons method in the SuperBuddy ActiveX control, which dereferences an arbitrary function pointer. This allows remote attackers to execute arbitrary code via a modified pointer value. Recommendations: For America Online version 9.0 Security Edition, consider disabling the LinkSBIcons method in the SuperBuddy ActiveX control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 6 **Description** The issue arises from the improper handling of uninitialized COM objects, which can lead to memory corruption and potentially allow the execution of arbitrary code. This can be exploited through a specially crafted web page, potentially enabling an attacker to take complete control of an affected system. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 6, consider disabling the instantiation of COM objects not intended for use in Internet Explorer as a temporary workaround until a patch is available. Restrict access to potentially vulnerable ActiveX controls, such as DirectAnimation.DATuple, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 6.0 **Description** A heap-based buffer overflow issue exists in the HTML Help ActiveX control, allowing remote attackers to cause a denial of service or possibly execute arbitrary code. This can be achieved by repeatedly setting the `Image` field of an `Internet.HHCtrl.1` object to certain values. The issue may be related to improper escaping and long strings. An attacker could exploit this by constructing a malicious web page, potentially allowing remote code execution if a user visits the page, and could take complete control of the affected system. **Recommendations** For Microsoft Internet Explorer 6.0, consider disabling the HTML Help ActiveX control until a patch is available to prevent potential exploitation. Restrict access to malicious web pages to minimize the risk of remote code execution.