Greg Linares

**Name of the Vulnerable Software and Affected Versions** BlackBerry Application Web Loader version 1.0 **Description** The issue is related to multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control. This can be exploited by remote attackers to execute arbitrary code, potentially through the use of the `load` or `loadJad` method. **Recommendations** For BlackBerry Application Web Loader version 1.0, as a temporary workaround, consider disabling the `load` and `loadJad` methods until a patch is available. Restrict access to the AxLoader ActiveX control to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: NetCamPlayerWeb11gv2.ocx version prior to firmware 1.25 Description: The issue is related to a stack-based buffer overflow in the SetSource method of the NetCamPlayerWeb11gv2 ActiveX control. This allows remote attackers to execute arbitrary code via long invalid arguments. Recommendations: For versions prior to firmware 1.25, update to firmware 1.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Creative Software AutoUpdate Engine version (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control. This occurs when a long value is assigned to the `CacheFolder` property, allowing remote attackers to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free Lossless Audio Codec (FLAC) libFLAC versions prior to 1.2.1 **Description** The issue concerns multiple double free vulnerabilities in the Free Lossless Audio Codec (FLAC) libFLAC. These vulnerabilities can be exploited by user-assisted remote attackers via malformed Seektable values or Seektable Data Offsets in a .FLAC file, potentially allowing the execution of arbitrary code. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of .FLAC files from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Free Lossless Audio Codec (FLAC) versions prior to 1.2.1 **Description** The issue allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag for the FLAC image file in a crafted .FLAC file. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BlazeVideo HDTV Player versions 2.1 and earlier BlazeVideo HDTV Player version 3.5 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long filename in a PLF playlist. **Recommendations** For versions 2.1 and earlier, update to a version later than the fixed version, if available. For version 3.5, update to a version later than the fixed version, if available. As a temporary workaround, consider restricting the use of long filenames in PLF playlists to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quintessential Player versions 4.50.1.82 and earlier **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted files, including M3u, M3u-8, or PLS files with long values in specific fields such as `NumberofEntries`, `Length`, `Filename`, or `Title`. **Recommendations** For versions 4.50.1.82 and earlier, consider avoiding the use of crafted M3u, M3u-8, or PLS files until a patch is available. As a temporary workaround, restrict the handling of files with long values in the `NumberofEntries`, `Length`, `Filename`, or `Title` fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Songbird Media Player versions 0.2 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by exploiting a format string vulnerability. This can be achieved through an M3U Playlist file that contains extended ASCII characters, which triggers the invocation of the Unicode converter. **Recommendations** For Songbird Media Player versions 0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VUPlayer versions 2.44 and earlier **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long string in an M3U file. This type of attack is referred to as an "M3U UNC Name" attack. **Recommendations** For versions 2.44 and earlier, update to a version later than 2.44 to resolve the issue. As a temporary workaround, consider avoiding the use of long strings in M3U files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AtomixMP3 versions 2.3 and earlier **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long pathname in an M3U file. **Recommendations** For versions 2.3 and earlier, update to a version later than 2.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Un4seen XMPlay versions 3.3.0.5 and earlier **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a M3U file containing a long `FileName`, and cause a crash via a long `DisplayName`. **Recommendations** For Un4seen XMPlay versions 3.3.0.5 and earlier, update to a version later than 3.3.0.5 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Easy File Sharing (EFS) Easy Address Book version 1.2 Description: The issue allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. This occurs when the software is run on an NTFS file system. Recommendations: For Easy File Sharing (EFS) Easy Address Book version 1.2, consider restricting access to sensitive files under the web root until a patch is available. As a temporary workaround, avoid using the NTFS file system or disable the ability to access alternate data streams.

Name of the Vulnerable Software and Affected Versions: Easy File Sharing (EFS) Web Server version 4.0 Description: The issue allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, accessing the alternate data stream. Recommendations: For Easy File Sharing (EFS) Web Server version 4.0, consider restricting access to sensitive files under the web root until a patch is available. As a temporary workaround, avoid using NTFS file systems or disable the ability to access alternate data streams.

Name of the Vulnerable Software and Affected Versions: MiniHTTP Web Forum & File Server PowerPack version 4.0 Description: The issue allows remote attackers to add or modify arbitrary user accounts. This is achieved by modifying the `frmMailBox` and `frmUserPass` parameters in the 'join.asp' file. Recommendations: For MiniHTTP Web Forum & File Server PowerPack version 4.0, avoid using the `join.asp` file until a fix is available, and restrict access to the `frmMailBox` and `frmUserPass` parameters to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: QK SMTP versions 3.01 and earlier Description: A stack-based buffer overflow issue might allow remote attackers to execute arbitrary code via a long argument to the "RCPT TO" command. Recommendations: For QK SMTP versions 3.01 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: RevilloC MailServer versions 1.21 and earlier Description: The issue is related to multiple heap-based buffer overflows that can be triggered by remote attackers. This can be achieved by sending a long argument to either the `MAIL FROM` or `RCPT TO` command. As a result, attackers can cause a denial of service, leading to CPU consumption or an application crash, or potentially execute arbitrary code. Recommendations: For RevilloC MailServer versions 1.21 and earlier, update to a version later than 1.21 to resolve the issue. As a temporary workaround, consider restricting access to the `MAIL FROM` and `RCPT TO` commands to minimize the risk of exploitation.