Kcope

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions prior to the fixed version **Description** A buffer overflow issue exists in the LsCreateLine function, affecting Microsoft Word and possibly other products in Microsoft Office. This issue can be exploited by remote user-assisted attackers via a crafted Word DOC or other Office file type, leading to a denial of service (crash). Initially, it was reported that this issue could allow code execution, but Microsoft and the original researcher later confirmed that code execution is not possible. **Recommendations** For Microsoft Office versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider avoiding the use of crafted Word DOC or other Office file types that could trigger the buffer overflow in the LsCreateLine function.

**Name of the Vulnerable Software and Affected Versions** Alt-N MDaemon versions 9.0.1 and earlier **Description** The issue is related to a buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long A0001 argument that begins with a " (double quote). **Recommendations** For versions 9.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** linux-ftpd-ssl version 0.17 **Description** The issue concerns a buffer overflow in the SSL-ready version of linux-ftpd, which allows remote attackers to execute arbitrary code. This can be achieved by creating a long directory name and then executing the XPWD command. Additionally, multiple vulnerabilities in the ftpd-ssl package may lead to breaches in confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For linux-ftpd-ssl version 0.17, consider disabling the XPWD command as a temporary workaround until a patch is available. Restrict access to the ftpd-ssl package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm qpopper version 4.0.8 **Description** The issue allows local users to modify arbitrary files and gain privileges. This is achieved via the command line argument, specifically the -t option for specifying a trace file. **Recommendations** For version 4.0.8, avoid using the -t command line argument to minimize the risk of exploitation. Consider restricting access to the `poppassd` service until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wzdftpd version 0.5.4 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. **Recommendations** For wzdftpd version 0.5.4, consider restricting access to the SITE command until a patch is available. As a temporary workaround, avoid using the SITE command with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.