Richard Van Eeden

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.6 through 10.6.3 Mac OS X Server versions 10.6 through 10.6.3 **Description** The issue exists due to insufficient input validation in the operating system, allowing a local attacker to gain system privileges. **Recommendations** For Mac OS X versions 10.6 through 10.6.3, update to a version outside of this range to resolve the issue. For Mac OS X Server versions 10.6 through 10.6.3, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.5.x through 3.6.24 Samba versions 4.0.x through 4.0.24 Samba versions 4.1.x through 4.1.16 Samba versions 4.2.x through 4.2.0rc4 **Description** The issue is related to errors in the code of the Samba network interaction package, specifically in the netr ServerPasswordSet function. Exploitation of this issue may allow a remote attacker to execute arbitrary code with administrator privileges using a specially crafted remote procedure call to the ServerPasswordSet RPC API. The vulnerability exists due to the free operation on an uninitialized stack pointer in the Netlogon server implementation in smbd. This allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API. **Recommendations** For Samba versions 3.5.x through 3.6.24, update to version 3.6.25 or later. For Samba versions 4.0.x through 4.0.24, update to version 4.0.25 or later. For Samba versions 4.1.x through 4.1.16, update to version 4.1.17 or later. For Samba versions 4.2.x through 4.2.0rc4, update to version 4.2.0rc5 or later.

Name of the Vulnerable Software and Affected Versions: Adobe Reader and Acrobat versions 7.x through 7.1.3 Adobe Reader and Acrobat versions 8.x through 8.1.6 Adobe Reader and Acrobat versions 9.x through 9.1 Description: The issue concerns the JavaScript for Acrobat API, which does not properly implement certain restrictions for unspecified JavaScript methods. This allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the `cPath` parameter in a crafted PDF file. Recommendations: For Adobe Reader and Acrobat versions 7.x through 7.1.3, update to version 7.1.4 or later. For Adobe Reader and Acrobat versions 8.x through 8.1.6, update to version 8.1.7 or later. For Adobe Reader and Acrobat versions 9.x through 9.1, update to version 9.2 or later.

Name of the Vulnerable Software and Affected Versions: Mac OS X versions prior to 10.5.6 Description: The issue is related to multiple integer overflows in the kernel on Intel platforms, which can be exploited by local users to gain privileges. This can be achieved through crafted calls to specific functions, including (1) i386 set ldt or (2) i386 get ldt. Recommendations: For Mac OS X versions prior to 10.5.6, update to version 10.5.6 or later to resolve the issue.