Jun Mao

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 Office 2008 and 2011 for Mac Excel Viewer Office Compatibility Pack versions SP2 and SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files. This allows an attacker to execute arbitrary code via a crafted spreadsheet. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1, update to a newer version to mitigate the risk. For Office 2008 and 2011 for Mac, update to a newer version to mitigate the risk. For Excel Viewer, update to a newer version to mitigate the risk. For Office Compatibility Pack versions SP2 and SP3, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2007 SP2 through 2007 SP3 Microsoft Excel 2010 Gold and 2010 SP1 Microsoft Excel Viewer (affected versions not specified) Microsoft Office Compatibility Pack versions SP2 through SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, allowing attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2007 SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2010 Gold and 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Office Compatibility Pack SP2 and SP3, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Word versions 2002 SP3 through 2003 SP3 Microsoft Works version 8.5 Office Converter Pack (affected versions not specified) WordPad in Windows versions 2000 SP4 through Server 2003 SP2 **Description** The issue allows remote attackers to execute arbitrary code via a specially crafted Word file, which triggers a heap-based buffer overflow due to an integer overflow in the text converters. This occurs when a user opens a malicious file, such as a DOC file with an invalid number of property names in the DocumentSummaryInformation stream. **Recommendations** For Microsoft Office Word versions 2002 SP3 through 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Works version 8.5, consider disabling the use of text converters until a patch is available. For Office Converter Pack, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For WordPad in Windows versions 2000 SP4 through Server 2003 SP2, restrict access to opening specially crafted Word 97 files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Word versions 2002 SP3 and 2003 SP3 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Office Word Viewer 2003 SP3 Office Word Viewer Description: A remote code execution issue exists in the way Microsoft Office Word handles specially crafted Word files with a malformed record or File Information Block (FIB) structure. This could allow an attacker to execute arbitrary code and take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights. Recommendations: For Microsoft Office Word 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Office Word 2003 SP3, update to a newer version to mitigate the risk. For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Office Word Viewer 2003 SP3, update to a newer version to mitigate the risk. For Office Word Viewer, update to a newer version to mitigate the risk.

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 9.0.246.0 Adobe Flash Player versions 10.x prior to 10.0.32.18 Adobe AIR versions prior to 1.5.2 Description: A heap-based buffer overflow issue allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving URL parsing. Recommendations: For Adobe Flash Player versions prior to 9.0.246.0, update to version 9.0.246.0 or later. For Adobe Flash Player versions 10.x prior to 10.0.32.18, update to version 10.0.32.18 or later. For Adobe AIR versions prior to 1.5.2, update to version 1.5.2 or later.

Name of the Vulnerable Software and Affected Versions: Adobe Reader versions 7.0.0 through 7.1.2 Adobe Reader versions 8.0.0 through 8.1.5 Adobe Reader versions 9.0.0 through 9.1.1 Adobe Acrobat versions 7.0.0 through 7.1.2 Adobe Acrobat versions 8.0.0 through 8.1.5 Adobe Acrobat versions 9.0.0 through 9.1.1 Description: The issue is caused by an integer overflow in the FlateDecode filter, which can be triggered by a PDF file containing unspecified parameters. This can lead to a denial of service or possibly allow attackers to execute arbitrary code via a heap-based buffer overflow. Recommendations: For Adobe Reader versions 7.0.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Reader versions 8.0.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Reader versions 9.0.0 through 9.1.1, update to version 9.1.2 or later. For Adobe Acrobat versions 7.0.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Acrobat versions 8.0.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Acrobat versions 9.0.0 through 9.1.1, update to version 9.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 2000 SP4 **Description** A remote code execution issue exists in the Windows Print Spooler Service, allowing a remote, unauthenticated attacker to execute arbitrary code on an affected system. This could enable the attacker to take complete control of the system, install programs, view, change, or delete data, or create new accounts. The issue is related to a stack-based buffer overflow in the EnumeratePrintShares function in win32spl.dll, which can be triggered by a crafted ShareName in a response to an RPC request. **Recommendations** For Microsoft Windows 2000 SP4, apply the necessary patch to fix the buffer overflow in the Print Spooler Service to prevent remote code execution. As a temporary workaround, consider restricting access to the Windows Print Spooler Service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version, including Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2 **Description** The issue is related to a stack-based buffer overflow in the Word 97 text converter in WordPad, allowing remote attackers to execute arbitrary code via a crafted Word 97 file. This occurs due to the use of inconsistent integer data sizes for an unspecified length field, leading to memory corruption. A remote code execution vulnerability exists in WordPad when a user opens a specially crafted Word file, resulting in memory corruption. **Recommendations** For Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of WordPad to open Word 97 files from untrusted sources until a patch is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4, 6 SP1 Microsoft Internet Explorer version 6 on Windows XP and Server 2003 Description: The issue arises from a stack-based buffer overflow that occurs when Microsoft Internet Explorer does not properly handle extraneous data associated with an object embedded in a web page. This allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption. A remote code execution vulnerability exists in the way Internet Explorer embeds objects into a Web page, which could be exploited by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution, potentially giving an attacker the same user rights as the logged on user. Recommendations: For Microsoft Internet Explorer version 5.01 SP4, update to a version that properly handles object embedding to prevent memory corruption. For Microsoft Internet Explorer version 6 SP1, ensure that all web pages are thoroughly validated to prevent exploitation of the buffer overflow. For Microsoft Internet Explorer version 6 on Windows XP and Server 2003, restrict access to potentially malicious web pages until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.4 **Description** The issue allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. **Recommendations** For versions prior to 7.4, update to version 7.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 10.0 Description: The issue is related to a stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll. This allows remote attackers to execute arbitrary code via a crafted SAMI file. Recommendations: For Microsoft DirectX versions 7.0 through 10.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro ServerProtect for Windows versions prior to 5.58 Security Patch 4 **Description** The issue concerns multiple buffer overflows in the ServerProtect service, allowing remote attackers to execute arbitrary code via certain RPC requests to specific TCP ports. These requests are processed by various functions, including `RPCFN ENG NewManualScan`, `RPCFN ENG TimedNewManualScan`, `RPCFN SetComputerName`, `RPCFN CMON SetSvcImpersonateUser`, `RPCFN OldCMON SetSvcImpersonateUser`, `RPCFN ENG TakeActionOnAFile`, `RPCFN ENG AddTaskExportLogItem`, `NTF SetPagerNotifyConfig`, and `RPCFN CopyAUSrc`, which are located in different DLL files such as `StRpcSrv.dll`, `Stcommon.dll`, `Eng50.dll`, `Notification.dll`. **Recommendations** For Trend Micro ServerProtect for Windows versions prior to 5.58 Security Patch 4, apply Security Patch 4 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable TCP ports and disabling the `RPCFN ENG NewManualScan`, `RPCFN ENG TimedNewManualScan`, `RPCFN SetComputerName`, `RPCFN CMON SetSvcImpersonateUser`, `RPCFN OldCMON SetSvcImpersonateUser`, `RPCFN ENG TakeActionOnAFile`, `RPCFN ENG AddTaskExportLogItem`, `NTF SetPagerNotifyConfig`, and `RPCFN CopyAUSrc` functions until the patch is applied.