Collin R. Mulliner

Name of the Vulnerable Software and Affected Versions: BlueZ (bluez-utils) versions prior to 2.25 Description: The issue allows remote attackers to obtain control of the Mouse and Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server. Recommendations: For versions prior to 2.25, update to version 2.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ArcSoft MMS Composer versions 1.5.5.6 and earlier ArcSoft MMS Composer versions 2.0.0.13 and earlier **Description** The issue is related to multiple buffer overflows that can be triggered by crafted MMS messages. These overflows occur in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers, allowing remote attackers to cause a denial of service (crash) or execute arbitrary code. **Recommendations** For ArcSoft MMS Composer versions 1.5.5.6 and earlier, consider disabling the M-Notification.ind, M-Retrieve.conf, and SMIL parsers until a patch is available. For ArcSoft MMS Composer versions 2.0.0.13 and earlier, consider disabling the M-Notification.ind, M-Retrieve.conf, and SMIL parsers until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArcSoft MMS Composer versions 1.5.5.6 and earlier ArcSoft MMS Composer versions 2.0.0.13 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in resource exhaustion and application crash. This can be achieved via WAPPush messages sent to UDP port 2948. **Recommendations** For versions 1.5.5.6 and earlier, restrict access to UDP port 2948 to minimize the risk of exploitation. For versions 2.0.0.13 and earlier, consider disabling the WAPPush message handling functionality until a patch is available.