H07

Name of the Vulnerable Software and Affected Versions: Download Accelerator Plus (DAP) versions 7.0.1.3 through 8.x Description: A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL. Recommendations: For Download Accelerator Plus (DAP) versions 7.0.1.3 through 8.x, avoid using the software to open M3U files from untrusted sources until a patch is available. As a temporary workaround, consider disabling the handling of M3U files in DAP to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CA BrightStor ARCserve Backup version R11.5 CA Desktop Management Suite versions r11.1 through r11.2 CA Unicenter products versions r11.1 through r11.2 **Description** A stack-based buffer overflow issue exists in the ListCtrl ActiveX Control, which is used in multiple CA products. This issue can be exploited by remote attackers to execute arbitrary code or cause a denial of service via a long argument to the `AddColumn` method. **Recommendations** For CA BrightStor ARCserve Backup version R11.5, update to a version that includes a fix for this issue. For CA Desktop Management Suite versions r11.1 through r11.2, update to a version that includes a fix for this issue. For CA Unicenter products versions r11.1 through r11.2, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the `AddColumn` method in the ListCtrl ActiveX Control until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Comodo AntiVirus version 2.0 **Description** The issue concerns a certain ActiveX control that allows remote attackers to execute arbitrary commands. This is achieved via the `ExecuteStr` method, which is vulnerable to exploitation. **Recommendations** For Comodo AntiVirus version 2.0, consider disabling the vulnerable ActiveX control as a temporary workaround until a patch is available. Restrict access to the `ExecuteStr` method to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: COWON America jetAudio Basic version 7.0.3 Description: The issue is a stack-based buffer overflow that allows user-assisted remote attackers to execute arbitrary code. This can be achieved by providing a long URL in an EXTM3U section of a .m3u file. Recommendations: For version 7.0.3, consider avoiding the use of long URLs in EXTM3U sections of .m3u files until a patch is available. As a temporary workaround, restrict the handling of .m3u files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iMatix Xitami Web Server version 2.5c2 **Description** The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by sending a long If-Modified-Since header to either xigui32.exe or xitami.exe. **Recommendations** For iMatix Xitami Web Server version 2.5c2, consider updating to a newer version that addresses these buffer overflows, or as a temporary workaround, restrict access to xigui32.exe and xitami.exe to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jetAudio versions 7.0.3 through 7.0.3.3016 **Description** The issue allows remote attackers to create or overwrite arbitrary local files via a .. (dot dot backslash) in the second argument to the `DownloadFromMusicStore` method. This can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call. **Recommendations** For versions 7.0.3 through 7.0.3.3016, consider disabling the `DownloadFromMusicStore` method until a patch is available to prevent exploitation. Restrict access to the JetAudio.Interface.1 ActiveX control in JetFlExt.dll to minimize the risk of arbitrary file creation or overwrite.

**Name of the Vulnerable Software and Affected Versions** DirectX Media 6.0 SDK versions 6.0.2.827 **Description** A buffer overflow issue exists in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 ActiveX control, which is part of the DirectX Media 6.0 SDK. This issue allows remote attackers to execute arbitrary code by providing a long `SourceUrl` property value. **Recommendations** For version 6.0.2.827, consider disabling the use of the `SourceUrl` property in the DXSurface.LivePicture.FlashPix.1 ActiveX control until a patch is available. Restrict access to the DXTLIPI.DLL library to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Nessus Vulnerability Scanner version 3.0.6 Description: The issue allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the `saveNessusRC` method, which writes text specified by the `addsetConfig` method. This is possibly related to the `SCANCTRL.ScanCtrlCtrl.1` ActiveX control in `scan.dll`. It can be leveraged for code execution by writing to a Startup folder. Recommendations: For Nessus Vulnerability Scanner version 3.0.6, consider disabling the `saveNessusRC` method or restricting access to the `SCANCTRL.ScanCtrlCtrl.1` ActiveX control in `scan.dll` to minimize the risk of exploitation. Avoid using the `addsetConfig` method with untrusted input until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Nessus Vulnerability Scanner version 3.0.6 Description: The issue allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the `deleteReport` method, probably related to the `SCANCTRL.ScanCtrlCtrl.1` ActiveX control in `scan.dll`. This is a directory traversal vulnerability in a certain ActiveX control. Recommendations: For Nessus Vulnerability Scanner version 3.0.6, consider disabling the `deleteReport` method until a patch is available to prevent remote attackers from deleting arbitrary files. Restrict access to the `SCANCTRL.ScanCtrlCtrl.1` ActiveX control in `scan.dll` to minimize the risk of exploitation. Avoid using the `..` (dot dot) sequence in the argument to the `deleteReport` method until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Visual IRC (ViRC) version 2.0 **Description** A stack-based buffer overflow issue allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. **Recommendations** For Visual IRC (ViRC) version 2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Qualcomm Eudora version 7.1.0.9 Description: A buffer overflow issue allows remote IMAP servers to execute arbitrary code on the client-side via a long FLAGS response to a SELECT INBOX command. This can be exploited by user-assisted, remote IMAP servers. Recommendations: For version 7.1.0.9, update to a newer version that contains a fix for this issue to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Eudora version 7.1 **Description** A stack-based buffer overflow issue allows remote SMTP servers to execute arbitrary code via a long SMTP reply. This issue requires user assistance, as the user must click through a warning about a possible buffer overflow exploit to trigger it. **Recommendations** For Eudora version 7.1, avoid clicking through warnings about possible buffer overflow exploits from remote SMTP servers to prevent potential code execution. Consider disabling the SMTP functionality until a fix is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4 and XP SP2 Description: The issue allows remote attackers to cause a denial of service, specifically memory consumption, by sending a large `maxlen` value in a `NetrWkstaUserEnum` RPC request to the Workstation service. Recommendations: For Microsoft Windows 2000 SP4 and XP SP2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Windows 2000 SP4 Microsoft Windows XP versions prior to SP2 **Description** The issue is related to the RpcGetPrinterData function in the Print Spooler service, which allows remote attackers to cause a denial of service by consuming memory via an RPC request with a large `offered` value, specifying the output buffer size. **Recommendations** For Microsoft Windows 2000, update to at least SP4 to resolve the issue. For Microsoft Windows XP, update to at least SP2 to resolve the issue. As a temporary workaround, consider restricting access to the Print Spooler service to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2 Description: The issue allows remote attackers to cause a denial of service via a malformed DNS query. This results in a null pointer dereference, leading to a crash of the svchost.exe process when Internet Connection Sharing is enabled. Recommendations: For Windows XP SP2, consider disabling Internet Connection Sharing as a temporary workaround to minimize the risk of exploitation. Restrict access to the ipnathlp.dll component to prevent potential attacks.

**Name of the Vulnerable Software and Affected Versions** InterVations NaviCOPA Web Server version 2.01 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a long HTTP GET request. **Recommendations** For InterVations NaviCOPA Web Server version 2.01, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ipswitch WS FTP Limited Edition (LE) version 5.08 **Description** A buffer overflow issue allows remote FTP servers to execute arbitrary code via a long response to a PASV command. **Recommendations** For Ipswitch WS FTP Limited Edition (LE) version 5.08, consider disabling the PASV command functionality until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WFTPD Server version 3.23 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via long SIZE commands. **Recommendations** For WFTPD Server version 3.23, update to a version that contains a fix for this issue, as using long SIZE commands can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.