Lucas Apa

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.9.2 **Description** The issue is related to an integer signedness error in CoreText, which allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. This can be achieved by using a crafted Unicode font. **Recommendations** For Apple OS X versions prior to 10.9.2, update to version 10.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WellinTech KingView versions 6.52, 6.53, 6.55 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted packet. This is a result of a buffer overflow in the kingMess.exe component. **Recommendations** For WellinTech KingView version 6.52, update the kingMess.exe component to a version that is not affected by the buffer overflow issue. For WellinTech KingView version 6.53, update the kingMess.exe component to a version that is not affected by the buffer overflow issue. For WellinTech KingView version 6.55, update the kingMess.exe component to a version that is not affected by the buffer overflow issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A remote code execution issue exists due to the way Microsoft Windows parses filenames, potentially allowing attackers to execute arbitrary code in the context of the current user by triggering the use of unallocated memory as the destination of a copy operation. **Recommendations** For Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siemens SiPass integrated versions MP2.6 and earlier **Description** The issue arises from improper handling of IOCP RPC messages by AscoServer.exe in the server, allowing remote attackers to write data to any memory location and execute arbitrary code via crafted messages. This can be achieved through methods such as an arbitrary pointer dereference attack or a buffer overflow attack. **Recommendations** For versions MP2.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.