Kaveh Ghaemmaghami

**Name of the Vulnerable Software and Affected Versions** Corel PDF Fusion version 1.11 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. This is achieved via a long ZIP directory entry name in an XPS file, which triggers a stack-based buffer overflow. **Recommendations** For Corel PDF Fusion version 1.11, update to a newer version that contains a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Access versions 2007 SP3, 2010 SP1 and SP2, and 2013 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted Access file. Remote code execution vulnerabilities exist in the way that Microsoft Access parses content in Access files, potentially allowing an attacker to take complete control of an affected system. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights. **Recommendations** For Microsoft Access 2007 SP3, update to a version that is not affected by this issue. For Microsoft Access 2010 SP1 and SP2, update to a version that is not affected by this issue. For Microsoft Access 2013, update to a version that is not affected by this issue.