Securfrog

**Name of the Vulnerable Software and Affected Versions** Winamp versions 5.541 and earlier **Description** The issue is caused by a boundary error in the processing of AIFF files, leading to a heap-based buffer overflow. This can be exploited via a large Common Chunk (COMM) header value in an AIFF file or a large invalid value in an MP3 file, potentially allowing remote attackers to cause a denial of service and possibly execute arbitrary code. **Recommendations** For Winamp versions 5.541 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the processing of AIFF and MP3 files to minimize the risk of a heap-based buffer overflow. Avoid using the `COMM` header value in AIFF files and invalid values in MP3 files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenOffice.org versions 1.1.2 through 1.1.5 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Word 97 file, including .doc, .wri, or .rtf files, that triggers memory corruption. This issue has been exploited in the wild. **Recommendations** For OpenOffice.org versions 1.1.2 through 1.1.5, consider avoiding the use of potentially malicious Word 97 files until a patch is available. As a temporary workaround, restrict the opening of .doc, .wri, and .rtf files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP version SP3 **Description** A buffer overflow issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via a crafted .chm file. **Recommendations** For Microsoft Windows XP version SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Teamtek Universal FTP Server version 1.0.44 **Description** The issue allows remote attackers to cause a denial of service. This can be achieved through specific commands, including a certain CWD command, a long LIST command, or a certain PORT command. **Recommendations** For Teamtek Universal FTP Server version 1.0.44, consider restricting access to the CWD, LIST, and PORT commands as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the patchday that contains the fix for this issue **Description** A remote code execution issue exists in the way that Microsoft WordPad processes memory when parsing a specially crafted Word 97 document. This could allow remote code execution if a user opens a specially crafted Word file that includes a malformed list structure. The issue has been exploited in the wild. **Recommendations** As a temporary workaround, consider disabling the WordPad Text Converter for Word 97 files until a patch is available. Restrict access to Word 97 files to minimize the risk of exploitation. Avoid using WordPad to open untrusted Word 97 documents until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime version 7.5.5 iTunes version 8.0 **Description** The issue is related to a buffer overflow that can be triggered by a long type attribute in a quicktime tag on a web page or embedded in .mp4 or .mov files. This could lead to a denial of service, causing a browser crash, or possibly allow the execution of arbitrary code. The problem might be connected to the Check stack cookie function and an off-by-one error resulting in a heap-based buffer overflow. **Recommendations** For Apple QuickTime version 7.5.5, consider updating to a newer version to mitigate the risk. For iTunes version 8.0, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of quicktime tags in web pages or embedded in .mp4 or .mov files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ipswitch WS FTP Home client (affected versions not specified) **Description** A buffer overflow issue in the Ipswitch WS FTP Home client allows remote FTP servers to potentially cause an unknown impact by sending a long "message response." **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ipswitch WS FTP Home version 2007.0.0.2 Ipswitch WS FTP Professional version 2007.1.0.0 **Description** The issue allows remote FTP servers to cause a denial of service or possibly execute arbitrary code via format string specifiers in a connection greeting response. **Recommendations** For Ipswitch WS FTP Home version 2007.0.0.2, update to a version that fixes the format string vulnerability. For Ipswitch WS FTP Professional version 2007.1.0.0, update to a version that fixes the format string vulnerability. As a temporary workaround, consider restricting access to untrusted FTP servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HydraIRC versions 0.3.164 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved via a long irc:// URI. **Recommendations** For versions 0.3.164 and earlier, update to a version later than 0.3.164 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XChat version 2.8.7b and earlier **Description** The issue allows remote attackers to execute arbitrary commands via the `--command` parameter in an `ircs://` URI when Internet Explorer is used. **Recommendations** For XChat version 2.8.7b and earlier, avoid using the `--command` parameter in an `ircs://` URI until the issue is resolved. As a temporary workaround, consider restricting access to `ircs://` URIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** freeSSHd version 1.2.1 **Description** The issue is a stack-based buffer overflow in the SFTP component of freeSSHd, allowing remote authenticated users to execute arbitrary code. This can be achieved by sending a long directory name in an SSH FXP OPENDIR (also known as opendir) command. **Recommendations** For freeSSHd version 1.2.1, consider restricting access to the SFTP component until a patch is available. As a temporary workaround, limit the length of directory names that can be used in SSH FXP OPENDIR commands to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader versions 8.1.2 and earlier Adobe Acrobat Reader versions before 7.1.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, and possibly execute arbitrary code via a malformed PDF document. **Recommendations** For Adobe Acrobat Reader versions 8.1.2 and earlier, update to a version later than 8.1.2 to resolve the issue. For Adobe Acrobat Reader versions before 7.1.1, update to a version 7.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Titan FTP Server versions 6.03 through 6.0.5.549 **Description** The issue is related to multiple heap-based buffer overflows that can be triggered by remote attackers. This can be achieved by sending a long argument to either the `USER` or `PASS` command. The potential impact includes causing a denial of service, such as crashing or hanging the daemon, and possibly allowing the execution of arbitrary code. **Recommendations** For Titan FTP Server versions 6.03 through 6.0.5.549, consider restricting access to the `USER` and `PASS` commands until a patch is available. As a temporary workaround, limit the length of arguments accepted by these commands to prevent buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dBpowerAMP Audio Player version Release 2 **Description** The issue allows remote attackers to execute arbitrary code via a .M3U file with a long URI. **Recommendations** For dBpowerAMP Audio Player version Release 2, consider avoiding the use of .M3U files with long URIs until a patch is available. As a temporary workaround, restrict the handling of .M3U files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nero Media Player versions 1.4.0.35 and earlier **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a long URI in a .M3U file. This occurs due to a buffer overflow in NeroMediaPlayer.exe. **Recommendations** For versions 1.4.0.35 and earlier, update to a version later than 1.4.0.35 to resolve the issue. As a temporary workaround, consider avoiding the use of long URIs in .M3U files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ipswitch WS FTP Server with SSH version 6.1.0.0 **Description** The issue allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long `opendir` command. This can be exploited by sending a long command to the server, potentially leading to a buffer overflow. **Recommendations** For Ipswitch WS FTP Server with SSH version 6.1.0.0, consider restricting access to the `opendir` command as a temporary workaround until a patch is available. Avoid using long commands that could trigger the buffer overflow until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tikiwiki version 1.9.5 Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via a `url` parameter. This occurs because the parameter value can contain malformed, nested `SCRIPT` elements, which evade filtering. Recommendations: For Tikiwiki version 1.9.5, consider restricting access to the `tiki-featured link.php` file until a patch is available. As a temporary workaround, avoid using the `url` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Tikiwiki version 1.9.5 Description: The issue allows remote attackers to obtain sensitive information, including the MySQL username and password, by exploiting an empty `sort mode` parameter in various PHP files. This is achieved through certain database error messages that reveal the information. The affected PHP files include `tiki-listpages.php`, `tiki-lastchanges.php`, `messu-archive.php`, `messu-mailbox.php`, `messu-sent.php`, `tiki-directory add site.php`, `tiki-directory ranking.php`, `tiki-directory search.php`, `tiki-forums.php`, `tiki-view forum.php`, `tiki-friends.php`, `tiki-list blogs.php`, `tiki-list faqs.php`, `tiki-list trackers.php`, `tiki-list users.php`, `tiki-my tiki.php`, `tiki-notepad list.php`, `tiki-orphan pages.php`, `tiki-shoutbox.php`, `tiki-usermenu.php`, and `tiki-webmail contacts.php`. Recommendations: As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using an empty `sort mode` parameter in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.