Robert Graham

**Name of the Vulnerable Software and Affected Versions** Komodia Redirector with SSL Digestor (affected versions not specified) Lavasoft Ad-Aware Web Companion version 1.1.885.1766 Lavasoft Ad-Aware AdBlocker (alpha) version 1.3.69.1 Qustodio for Windows (affected versions not specified) Atom Security, Inc. StaffCop version 5.8 **Description** The issue concerns the use of the same X.509 certificate private key for a root CA certificate across different customers' installations of the Komodia Redirector with SSL Digestor SDK. This makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key. **Recommendations** For Lavasoft Ad-Aware Web Companion version 1.1.885.1766, consider removing or disabling the affected SDK until a patch is available. For Lavasoft Ad-Aware AdBlocker (alpha) version 1.3.69.1, restrict the use of the SSL Digestor functionality to minimize the risk of exploitation. For Qustodio for Windows, temporarily disable the Komodia Redirector with SSL Digestor until a fixed version is released. For Atom Security, Inc. StaffCop version 5.8, avoid using the affected root CA certificate and consider generating a new, unique certificate for each installation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Messenger Service versions for Windows NT through Server 2003 Description: The issue arises from the Messenger Service not properly verifying the length of the message, allowing remote attackers to execute arbitrary code via a buffer overflow attack. Recommendations: For Windows NT through Server 2003, consider disabling the Messenger Service as a temporary workaround until a patch is available.