Shaun Colley

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions prior to the fixed version Microsoft Works versions 6 through 9 **Description** A heap-based buffer overflow issue exists in the Office Works File Converter, allowing remote attackers to execute arbitrary code via a crafted Works file. This issue enables an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts. **Recommendations** For Microsoft Office 2007 SP2, update to a version that includes the fix for this issue. For Microsoft Works versions 6 through 9, consider disabling the Works File Converter until a patch is available. Restrict access to the Works File Converter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2 **Description** A remote code execution issue exists in the Microsoft Data Analyzer ActiveX control, allowing attackers to execute arbitrary code via a crafted web page that corrupts the `system state`. This could enable an attacker to gain the same user rights as the logged-on user when a user views the specially crafted Web page. **Recommendations** For Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a version that includes the fix for the Microsoft Data Analyzer ActiveX Control issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 6.0 through 8.0 **Description** The issue allows local users to cause a denial of service, resulting in a kernel panic, by sending a certain IOCTL request with a large count to the IATA (ata) driver when read access to /dev is available. This triggers a malloc call with a large value. **Recommendations** For FreeBSD versions 6.0 through 8.0, consider restricting access to the /dev directory to minimize the risk of exploitation. As a temporary workaround, limit the use of the IATA (ata) driver until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2000 SP3 through 2007 SP1 Works versions 8.5 through 9 Description: A buffer overflow issue exists in the Works for Windows document converters, allowing remote attackers to execute arbitrary code via a crafted Works .wps file. This could trigger memory corruption. The vulnerability could allow remote code execution if a user opens a specially crafted .wps file. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. Recommendations: For Microsoft Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Office 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2007 SP1, update to a version that includes the fix for this issue. For Works 8.5 and 9, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of the Works for Windows document converters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Process Software MultiNet versions 8.3 **Description** The issue is a stack-based buffer overflow in the finger service of Process Software MultiNet for HP OpenVMS, allowing remote attackers to execute arbitrary code via a long request string. **Recommendations** For version 8.3, update to a newer version that contains a fix for this issue to prevent remote attackers from executing arbitrary code.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 through 2004 **Description** A remote code execution issue exists due to the processing of a malformed LABEL record file. This allows attackers to execute arbitrary code via a crafted .xls file that triggers memory corruption. An attacker could exploit this by constructing a specially crafted Excel file. **Recommendations** For Microsoft Excel versions 2000 through 2004, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** URBAN version 1.5.3 1 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the high score or save game files. **Recommendations** For version 1.5.3 1, consider restricting access to the high score and save game files to prevent a symlink attack until a patch is available.

**Name of the Vulnerable Software and Affected Versions** urban versions prior to 1.5.3 **Description** The issue is related to multiple stack-based buffer overflows that can be exploited by local users to gain privileges. This can be achieved by setting a long `HOME` environment variable, which affects various components, including `config.cc`, `game.cc`, `highscor.cc`, and `meny.cc`. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** picasm versions 1.12b and earlier **Description** The issue is a stack-based buffer overflow in the error directive, which allows attackers to execute arbitrary code via a long error message. **Recommendations** For picasm versions 1.12b and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** metamail (affected versions not specified) **Description** The issue concerns a lack of verification of the output file before writing to it in Extcompose in metamail. This allows local users to potentially overwrite arbitrary files via a symlink attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sharutils version 4.2.1 GNU sharutils version 4.2.1 **Description** The issue concerns multiple vulnerabilities in the sharutils package, which can lead to breaches in confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A specific vulnerability is a stack-based buffer overflow in the shar utility, allowing local users to execute arbitrary code via a long `-o` command line argument. **Recommendations** For sharutils version 4.2.1, consider restricting access to the shar utility until a patch is available. For GNU sharutils version 4.2.1, avoid using long `-o` command line arguments in the shar utility to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ConTEXt (affected versions not specified) **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on `texutil.log` when TEXutil in ConTEXt is executed with the `--silent` option. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL (affected versions not specified) **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the mysqld multi script in MySQL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL (affected versions not specified) **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** palmhttpd for PalmOS (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. This can lead to a crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netris versions 0.52 and earlier **Description** The issue concerns multiple vulnerabilities in the Netris package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow vulnerability allows remote malicious Netris servers to execute arbitrary code on Netris clients via a long server response. **Recommendations** For Netris versions 0.52 and earlier, consider disabling the Netris client functionality until a patch is available to prevent remote exploitation. Restrict access to Netris servers to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel-image-2.4.19-sun4u-smp versions 2.4.19 Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs versions 2.4.18 Debian GNU/Linux kernel-image-2.4.18-sun4u versions 2.4.18 Debian GNU/Linux kernel-patch-benh (affected versions not specified) Debian GNU/Linux kernel-image-2.4.18-sun4u-smp versions 2.4.18 Debian GNU/Linux kernel-headers-2.4.19-sparc versions 2.4.19 Debian GNU/Linux kernel-headers-2.4.18-sparc versions 2.4.18 Debian GNU/Linux kernel-image-2.4.19-sun4u versions 2.4.19 Gentoo Linux aa-sources versions prior to 2.4.23-r2 **Description** The issue involves multiple vulnerabilities in the Linux kernel packages of various operating systems, including Debian GNU/Linux and Gentoo Linux. These vulnerabilities can be exploited remotely or locally, leading to a breach of confidentiality, integrity, and availability of protected information. A potential buffer overflow exists in the `panic()` function in Linux 2.4.x, although it may not be exploitable due to the functionality of `panic()`. The vulnerabilities can be exploited to disrupt the security of the affected systems. **Recommendations** For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp version 2.4.19, update to a newer version. For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs version 2.4.18, update to a newer version. For Debian GNU/Linux kernel-image-2.4.18-sun4u version 2.4.18, update to a newer version. For Debian GNU/Linux kernel-patch-benh, update to a newer version. For Debian GNU/Linux kernel-image-2.4.18-sun4u-smp version 2.4.18, update to a newer version. For Debian GNU/Linux kernel-headers-2.4.19-sparc version 2.4.19, update to a newer version. For Debian GNU/Linux kernel-headers-2.4.18-sparc version 2.4.18, update to a newer version. For Debian GNU/Linux kernel-image-2.4.19-sun4u version 2.4.19, update to a newer version. For Gentoo Linux aa-sources versions prior to 2.4.23-r2, update to version 2.4.23-r2 or later.