Neel Mehta

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 95.0.4638.69 **Description** The issue is related to insufficient validation of untrusted input in Intents, allowing a remote attacker to redirect the browser to a malicious URL via a crafted HTML page. This can be exploited by a remote attacker to gain access to the system. **Recommendations** For Google Chrome on Android versions prior to 95.0.4638.69, update to version 95.0.4638.69 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 **Description** The issue allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter. **Recommendations** For Microsoft Windows XP versions SP2 through SP3, apply the recommended patch to resolve the issue. For Microsoft Windows Server 2003 version SP2, apply the recommended patch to resolve the issue. For Microsoft Windows Vista version SP2, apply the recommended patch to resolve the issue. For Microsoft Windows Server 2008 versions SP2 through R2 SP1, apply the recommended patch to resolve the issue. For Microsoft Windows 7 versions Gold through SP1, apply the recommended patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** polkit versions prior to 0.104-r1 policykit-1 versions prior to 0.104-r1 **Description** The issue affects the polkit package in Gentoo Linux and policykit-1 in Debian GNU/Linux, allowing local exploitation that may lead to breaches in confidentiality, integrity, and availability of protected information. A race condition in the pkexec utility and polkitd daemon in PolicyKit allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. **Recommendations** For polkit versions prior to 0.104-r1, update to version 0.104-r1 or later to resolve the issue. For policykit-1 versions prior to 0.104-r1, update to version 0.104-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pkexec utility and polkitd daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 SP1 Microsoft Windows 7 versions Gold through SP1 **Description** The issue arises from the DNS client's improper processing of DNS queries, allowing remote attackers to execute arbitrary code via a crafted LLMNR broadcast query or a crafted application. This could enable an attacker to run arbitrary code in the context of the NetworkService account, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Microsoft Windows XP versions SP2 through SP3, apply the relevant patch to fix the DNS client service. For Microsoft Windows Server 2003 version SP2, apply the relevant patch to fix the DNS client service. For Microsoft Windows Vista versions SP1 through SP2, apply the relevant patch to fix the DNS client service. For Microsoft Windows Server 2008 versions Gold through R2 SP1, apply the relevant patch to fix the DNS client service. For Microsoft Windows 7 versions Gold through SP1, apply the relevant patch to fix the DNS client service. As a temporary workaround, consider restricting access to the `DNSAPI.dll` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 0.9.8h through 0.9.8q OpenSSL versions 1.0.0 through 1.0.0c OpenSSL versions prior to 1.0.0e **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access. Exploitation of the vulnerabilities may lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely. **Recommendations** For OpenSSL versions 0.9.8h through 0.9.8q, update to a version later than 0.9.8q. For OpenSSL versions 1.0.0 through 1.0.0c, update to a version later than 1.0.0c. For OpenSSL versions prior to 1.0.0e, update to version 1.0.0e or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 0.9.8m OpenSSL versions 0.9.7a OpenSSL versions prior to 1.0.0e **Description** The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are related to the `bn wexpand` function calls in various files, including `crypto/bn/bn div.c`, `crypto/bn/bn gf2m.c`, `crypto/ec/ec2 smpl.c`, and `engines/e ubsec.c`. The impact and attack vectors of these vulnerabilities are context-dependent. **Recommendations** For OpenSSL versions prior to 0.9.8m, update to version 0.9.8m or later. For OpenSSL versions 0.9.7a, update to a version later than 0.9.7a. For OpenSSL versions prior to 1.0.0e, update to version 1.0.0e or later. As a temporary workaround, consider restricting access to sensitive data and limiting the use of affected systems until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to insufficient bounds checking when processing specially crafted ICMPv6 Router Advertisement packets. This allows an anonymous attacker to execute arbitrary code via crafted packets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling IPv6 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to improper handling of local fragmentation of Encapsulating Security Payload (ESP) over UDP packets when a custom network driver is used. This allows remote attackers to execute arbitrary code via crafted packets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that properly handles ESP over UDP packets to prevent exploitation. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that properly handles ESP over UDP packets to prevent exploitation. As a temporary workaround, consider disabling custom network drivers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** The issue arises from insufficient bounds checking in the TCP/IP implementation when processing specially crafted ICMPv6 Route Information packets, allowing remote attackers to execute arbitrary code. This could enable an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that includes the fix for the ICMPv6 Route Information vulnerability. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that includes the fix for the ICMPv6 Route Information vulnerability. As a temporary workaround, consider disabling IPv6 on affected systems until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Vista versions Gold, SP1, and SP2 Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to improper processing of WSD message headers by the Web Services on Devices API (WSDAPI). This allows remote attackers to execute arbitrary code via a crafted message or response. The vulnerability is caused by the service not properly handling a WSDAPI message with a specially crafted header, which could allow an attacker to take complete control of an affected system. **Recommendations** For Windows Vista versions Gold, SP1, and SP2: Apply the necessary patch to fix the Web Services on Devices API (WSDAPI) memory corruption issue. For Windows Server 2008 versions Gold and SP2: Apply the necessary patch to fix the Web Services on Devices API (WSDAPI) memory corruption issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue is caused by an integer underflow in the kernel, allowing local users to gain privileges via a crafted application. This occurs due to the incorrect truncation of a 64-bit integer to a 32-bit integer. An attacker who successfully exploits this issue could run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2, update to a version that includes the fix for the integer underflow issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2003 SP2 **Description** A denial of service issue exists due to the improper handling of exceptions by the Windows kernel when an error condition occurs. This allows local users to cause a system reboot by running a specially crafted application. **Recommendations** For Microsoft Windows Server 2003 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Malware Protection Engine (mpengine.dll) (affected versions not specified) Description: The issue is related to an integer overflow in the Microsoft Malware Protection Engine, which can be exploited by remote attackers to execute arbitrary code. This can be achieved through a crafted PDF file, requiring user assistance. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Windows XP Service Pack 2 **Description** A stack-based buffer overflow issue in the Plug and Play service allows remote attackers to execute arbitrary code via a crafted packet. Local users can also gain privileges by using a malicious application. This issue has been exploited by the Zotob worm. **Recommendations** For Microsoft Windows 2000 and Windows XP Service Pack 1, update to a newer service pack or version to resolve the issue. As a temporary workaround, consider restricting access to the Plug and Play service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Clam AntiVirus (ClamAV) versions 0.86.1 and earlier **Description** The issue is related to multiple integer overflows in file format processors for TNEF, CHM, or FSG files in libclamav. This allows remote attackers to gain privileges via a crafted e-mail message. **Recommendations** For Clam AntiVirus (ClamAV) versions 0.86.1 and earlier, update to a version later than 0.86.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to XP SP3, 2000 SP4, and Server 2003 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options. **Recommendations** For Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, and Server 2003, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.