Karl Lynn

**Name of the Vulnerable Software and Affected Versions** Citrix Presentation Server Client for Windows versions prior to 10.0 **Description** The issue allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. **Recommendations** For versions prior to 10.0, update to version 10.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** McAfee Security Center version 6.0.23 **Description** The issue is related to a buffer overflow in the McSubMgr ActiveX control, which allows remote attackers to execute arbitrary commands. This is achieved by providing long string parameters that are later used in `vsprintf`, leading to the potential execution of malicious code. **Recommendations** For McAfee Security Center version 6.0.23, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the McSubMgr ActiveX control until a patch is available. Avoid using long string parameters in the affected control to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Quicktime versions prior to 7.0.4 **Description** The issue is related to a heap-based buffer overflow that can be triggered by a specially crafted GIF image file. This file contains a modified Netscape Navigator Application Extension Block in the Picture Modifier block, which can lead to the execution of arbitrary code. **Recommendations** For versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue.

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 8, 10, 10.5 RealOne Player versions 1, 2 Helix Player version 10.0.0 **Description** The issue is caused by an integer overflow that leads to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code. This can be achieved via an .rm movie file with a large value in the length field of the first data packet. **Recommendations** For RealPlayer versions 8, 10, 10.5, update to a version that fixes the integer overflow issue. For RealOne Player versions 1, 2, update to a version that fixes the integer overflow issue. For Helix Player version 10.0.0, update to a version that fixes the integer overflow issue. As a temporary workaround, consider avoiding the use of .rm movie files with large values in the length field of the first data packet until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime version 6.5 and earlier **Description** The issue is related to an integer overflow in the sample-to-chunk table data for a .mov movie file. This occurs when a large "number of entries" field is encountered, leading to a heap-based buffer overflow. This can allow attackers to execute arbitrary code. **Recommendations** For Apple QuickTime version 6.5 and earlier, update to version 6.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Symantec Norton Internet Security versions 2003 through 2004 Norton Personal Firewall versions 2003 through 2004 Client Firewall versions 5.01 through 5.1.1 Client Security versions 1.0 through 1.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, via a TCP packet with specific options. This can be achieved by sending a TCP packet with either the SACK option or the Alternate Checksum Data option followed by a length of zero. **Recommendations** For Symantec Norton Internet Security versions 2003 through 2004, update to a version that includes a fix for this issue. For Norton Personal Firewall versions 2003 through 2004, update to a version that includes a fix for this issue. For Client Firewall versions 5.01 through 5.1.1, update to a version that includes a fix for this issue. For Client Security versions 1.0 through 1.1, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.