David Warren

#8112 of 53,632
33.9 Total CVSS
Vulnerabilities · 4 (Medium: 1, High: 3)

PT-2011-2532 · CVSS 10 · 2011-02-15 · Microsoft · Windows Server 2003 · CVE-2011-0654

**Name of the Vulnerable Software and Affected Versions**

- Microsoft Windows XP versions SP2 through SP3
- Microsoft Windows Server 2003 version SP2
- Microsoft Windows Vista versions SP1 through SP2
- Microsoft Windows Server 2008 versions Gold through R2 SP1
- Microsoft Windows 7 versions Gold through SP1

**Description**

The issue is related to an integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service, which can lead to a heap-based buffer overflow. This allows remote attackers to execute arbitrary code or cause a denial of service via a malformed BROWSER ELECTION message. An unauthenticated remote code execution vulnerability exists in the way that the CIFS Browser Protocol implementation parses malformed browser messages, enabling an attacker to execute arbitrary code and take complete control of an affected system.

**Recommendations**

- For Microsoft Windows XP versions SP2 through SP3, update to a newer version to mitigate the risk.
- For Microsoft Windows Server 2003 version SP2, update to a newer version to mitigate the risk.
- For Microsoft Windows Vista versions SP1 through SP2, update to a newer version to mitigate the risk.
- For Microsoft Windows Server 2008 versions Gold through R2 SP1, update to a newer version to mitigate the risk.
- For Microsoft Windows 7 versions Gold through SP1, update to a newer version to mitigate the risk.

As a temporary workaround, consider restricting access to the CIFS Browser Protocol to minimize the risk of exploitation.

PT-2009-5027 · CVSS 6.8 · 2009-12-04 · Sonicwall · Sonicwall E-Class Ssl Vpn · CVE-2009-2631

**Name of the Vulnerable Software and Affected Versions**

- Stonesoft StoneGate (affected versions not specified)
- Cisco ASA (affected versions not specified)
- SonicWALL E-Class SSL VPN (affected versions not specified)
- SonicWALL SSL VPN (affected versions not specified)
- SafeNet SecureWire Access Gateway (affected versions not specified)
- Juniper Networks Secure Access (affected versions not specified)
- Nortel CallPilot (affected versions not specified)
- Citrix Access Gateway (affected versions not specified)

**Description**

The issue allows remote attackers to conduct cross-site scripting attacks, read cookies from other domains, access the Web VPN session to gain internal resources, perform key logging, and conduct other attacks. This is due to the products retrieving content from remote URLs and rewriting them to appear as if they originated from the VPN's domain, violating the same origin policy.

**Recommendations**

- For Stonesoft StoneGate, consider restricting access to the same domain as the VPN to minimize the risk of exploitation.
- For Cisco ASA, restrict access to the same domain as the VPN to prevent cross-site scripting attacks and unauthorized access to internal resources.
- For SonicWALL E-Class SSL VPN and SonicWALL SSL VPN, limit the ability of the VPN to retrieve and rewrite content from remote URLs to prevent attacks.
- For SafeNet SecureWire Access Gateway, implement configuration changes to restrict access to the VPN's domain and prevent violation of the same origin policy.
- For Juniper Networks Secure Access, Nortel CallPilot, and Citrix Access Gateway, apply similar restrictions and configuration changes to prevent exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.