Mike Price

Name of the Vulnerable Software and Affected Versions: Apple QuickTime versions prior to 7.3.1 Description: The issue is related to multiple unspecified vulnerabilities in the Flash media handler of Apple QuickTime. These vulnerabilities can be exploited by remote attackers via a crafted QuickTime movie, potentially allowing the execution of arbitrary code or having other unspecified impacts. Recommendations: For versions prior to 7.3.1, update to version 7.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.5 **Description** The issue is a stack-based buffer overflow that can be triggered by a remote user-assisted attacker using a crafted QTIF file, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code. **Recommendations** For versions prior to 7.1.5, update to version 7.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.5 **Description** A heap-based buffer overflow issue allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. **Recommendations** For versions prior to 7.1.5, update to version 7.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Quicktime versions 7.1.3 and earlier **Description** The issue allows remote attackers to cause a denial of service, potentially leading to application crashes, and possibly execute arbitrary code via a crafted PICT file. This is due to memory corruption in the ` GetSrcBits32ARGB` function triggered by the `InternalUnpackBits` function in Apple QuickDraw. **Recommendations** For Apple Quicktime versions 7.1.3 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, avoid using the `InternalUnpackBits` function until a patch is available. Restrict access to crafted PICT files to minimize the risk of triggering memory corruption in the ` GetSrcBits32ARGB` function.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to multiple buffer overflows in Apple QuickTime, which can be exploited by remote attackers to execute arbitrary code via a crafted QuickTime movie. A local overflow also exists due to the program's failure to validate QuickTime files, resulting in a buffer overflow when a specially crafted file is used. This can lead to arbitrary code execution and a loss of integrity. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted QuickTime movies and restricting access to untrusted QuickTime files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to a heap-based buffer overflow that can be triggered by a specially crafted FLC movie file, specifically through the COLOR 64 chunk. This allows remote attackers to execute arbitrary code, resulting in a loss of integrity. The problem arises from the program's failure to properly validate FLC files, leading to a heap buffer overflow. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of FLC files or restricting access to potentially malicious files until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to a buffer overflow that can be triggered by a crafted SGI image, allowing remote attackers to execute arbitrary code. This is due to the program's failure to validate SGI files properly, resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, leading to a loss of integrity. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of SGI files until the update is applied. Restrict access to untrusted SGI files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to an integer overflow in Apple QuickTime, which allows remote attackers to execute arbitrary code via a crafted H.264 movie file. A local overflow exists due to the program's failure to validate H.264 movie files, resulting in an integer or buffer overflow. This can be exploited with a specially crafted file, leading to arbitrary code execution and a loss of integrity. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of H.264 movie files until the update is applied. Restrict access to untrusted H.264 movie files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue is related to an integer overflow that allows remote attackers to execute arbitrary code via a crafted FlashPix file. A local overflow exists due to the program's failure to validate FlashPix files, resulting in a buffer or integer overflow. This can be exploited with a specially crafted request, leading to arbitrary code execution and a loss of integrity. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of FlashPix files until the update is applied. Restrict access to untrusted FlashPix files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1.3 **Description** The issue allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file. This triggers an exception that leads to an operation on an uninitialized object, potentially resulting in a loss of integrity. **Recommendations** For Apple QuickTime versions prior to 7.1.3, update to version 7.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of FlashPix files until the issue is resolved. Restrict access to potentially malicious FlashPix files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Server 2003 SP2 Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 and SP2 **Description** The issue allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized. This is due to an information disclosure vulnerability in the Server service, which could allow an attacker to view fragments of memory used to store SMB traffic during transport. **Recommendations** For Microsoft Windows 2000 SP4, consider applying the necessary security patches to resolve the issue. For Microsoft Windows XP SP1 and SP2, update to a newer service pack to mitigate the risk. For Microsoft Windows Server 2003 up to SP1, apply the security update or upgrade to Server 2003 SP2 or later. As a temporary workaround, consider restricting access to the Server service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue is related to multiple integer overflows that can be triggered by a crafted QuickTime movie (.MOV), potentially allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue is related to a heap-based buffer overflow that can be triggered by a crafted QuickDraw PICT image format file containing malformed image data, potentially allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue is related to a stack-based buffer overflow that can be triggered by a crafted QuickDraw PICT image format file containing malformed font information, allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue allows remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV) file. This is achieved by exploiting multiple buffer overflows, for example, by specifying a large size for a `udta` Atom. **Recommendations** For versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue is related to multiple buffer overflows that can be triggered by a crafted QuickTime Flash (SWF) file, allowing remote attackers to execute arbitrary code. **Recommendations** For Apple QuickTime versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue is related to multiple integer overflows in the handling of crafted QuickTime H.264 (M4V) video format files, which can allow remote attackers to execute arbitrary code. **Recommendations** For versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. This is due to a buffer overflow in the affected software. **Recommendations** For Apple QuickTime versions prior to 7.1, update to version 7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.1 **Description** The issue allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. This is due to a buffer overflow in the affected software. **Recommendations** For Apple QuickTime versions prior to 7.1, update to version 7.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Windows NT versions 4.0 Windows 2000 Windows XP Windows Server 2003 Description: The issue allows remote attackers to obtain sensitive information by including random memory in a response to a NetBIOS Name Service (NBNS) query. Recommendations: For Windows NT 4.0, consider disabling the NetBT Name Service (NBNS) until a patch is available. For Windows 2000, restrict access to the NBNS to minimize the risk of exploitation. For Windows XP, avoid using the NBNS for sensitive operations until the issue is resolved. For Windows Server 2003, consider configuring the server to limit responses to NBNS queries as a temporary workaround.