Rh0

**Name of the Vulnerable Software and Affected Versions** X360 VideoPlayer versions 2.6 **Description** A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (`VideoPlayer.ocx`) when handling overly long arguments to the `ConvertFile()` method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process. **Recommendations** X360 VideoPlayer version 2.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wine version 3.7 **Description** The issue allows attackers to cause a denial of service or possibly have other impact due to an out-of-bounds write. This is because the attacker controls the `pCreatePen->ihPen` array index in the `PlayEnhMetaFileRecord` function in `enhmetafile.c`. **Recommendations** For Wine version 3.7, consider restricting access to the `PlayEnhMetaFileRecord` function in `enhmetafile.c` to minimize the risk of exploitation. As a temporary workaround, avoid using the `pCreatePen->ihPen` array index in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Firefox ESR versions prior to 45.8 Thunderbird versions prior to 52 Thunderbird versions prior to 45.8 **Description** The issue allows for a bypass of ASLR and DEP protections, potentially leading to memory corruption attacks. This is achieved through JIT-spray targeting asm.js combined with a heap spray. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Firefox ESR versions prior to 45.8, update to version 45.8 or later. For Thunderbird versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 45.8, update to version 45.8 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 45.7 Firefox ESR versions prior to 45.7 Firefox versions prior to 51 **Description** The issue allows for a bypass of ASLR and DEP protections, potentially leading to memory corruption attacks. This is due to JIT code allocation. **Recommendations** For Thunderbird versions prior to 45.7, update to version 45.7 or later. For Firefox ESR versions prior to 45.7, update to version 45.7 or later. For Firefox versions prior to 51, update to version 51 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 47.0 Mozilla Firefox ESR versions prior to 45.2 **Description** The issue is related to a heap-based buffer overflow that can be triggered by foreign-context HTML5 fragments. This can be demonstrated by fragments within an SVG element, allowing remote attackers to execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 47.0, update to version 47.0 or later. For Mozilla Firefox ESR versions prior to 45.2, update to version 45.2 or later.

**Name of the Vulnerable Software and Affected Versions** CCMPlayer version 1.5 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long track name in an m3u playlist. **Recommendations** For version 1.5, update to a newer version that contains a fix for this issue, as using a long track name in an m3u playlist can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 8.0 Thunderbird versions prior to 8.0 **Description** The issue is related to improper memory allocation in the browser engine, which can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or potentially execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 8.0, update to version 8.0 or later to resolve the issue. For Thunderbird versions prior to 8.0, update to version 8.0 or later to resolve the issue.