Nicolas Economou

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 version SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 versions Gold through R2 **Description** The issue allows local users to gain privileges via a crafted application. A denial of service condition exists due to improper handling of objects in memory by the Win32k.sys kernel-mode driver, which could cause the target system to stop responding. **Recommendations** For Microsoft Windows XP versions SP2 through SP3, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows Server 2003 version SP2, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows Vista version SP2, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows Server 2008 versions SP2 through R2 SP1, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows 7 version SP1, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows 8, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows 8.1, apply the patch to fix the integer overflow in the kernel-mode drivers. For Microsoft Windows Server 2012 versions Gold through R2, apply the patch to fix the integer overflow in the kernel-mode drivers.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions through 10.6.8 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in a daemon crash, via a crafted message. **Recommendations** For Apple Mac OS X versions through 10.6.8, update to a version later than 10.6.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2, R2, and R2 SP1 Windows 7 versions Gold and SP1 **Description** The issue arises from the improper handling of keyboard-layout files by the win32k.sys in the kernel-mode drivers. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver handles specific keyboard layouts, potentially enabling an attacker to run arbitrary code in kernel mode. This could lead to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full administrative rights. **Recommendations** For Windows XP versions SP2 and SP3, update the kernel-mode driver to a version that properly handles keyboard-layout files. For Windows Server 2003 version SP2, apply a patch that fixes the elevation of privilege vulnerability in the Windows kernel-mode driver. For Windows Vista version SP2, install an update that addresses the improper handling of keyboard layouts. For Windows Server 2008 versions SP2, R2, and R2 SP1, apply a security update that resolves the vulnerability in the kernel-mode driver. For Windows 7 versions Gold and SP1, install a patch that fixes the elevation of privilege vulnerability in the Windows kernel-mode driver.

**Name of the Vulnerable Software and Affected Versions** Safari versions 1.1.4 through 2.0 **Description** The issue is caused by an off-by-one error in the ` web drawInRect:withFont:ellipsis:alignment:measureOnly` function in WebKit, allowing remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with a specific argument. This argument must lack breakable characters and have a length that is a multiple of the memory page size, leading to an out-of-bounds read. **Recommendations** For Safari versions 1.1.4 through 2.0, consider avoiding the use of JavaScript alert calls with arguments that lack breakable characters and have a length that is a multiple of the memory page size until a patch is available. As a temporary workaround, restrict the execution of JavaScript code from untrusted sources to minimize the risk of exploitation.