Shinnai

**Name of the Vulnerable Software and Affected Versions** TerraMaster TOS firmware versions through 5.1 **Description** The issue concerns hardcoded credentials in the firmware, allowing a remote attacker to login to the mail or webmail server. These credentials can also be used to access the administration panel and perform privileged actions. **Recommendations** For TerraMaster TOS firmware versions through 5.1, update to a version that removes the hardcoded credentials to prevent unauthorized access. As a temporary workaround, consider restricting access to the administration panel and mail or webmail servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Konica Minolta FTP Utility version 1.0 **Description** A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot backslash) in a RETR command. **Recommendations** For Konica Minolta FTP Utility version 1.0, consider restricting access to the RETR command or disabling the FTP utility until a patch is available to prevent exploitation of this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 SP2, R2, and R2 SP1 **Description** The issue allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory. This can be demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file. A remote code execution vulnerability exists in the way that the Color Control Panel handles the loading of DLL files, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Server 2008 SP2, R2, and R2 SP1, consider restricting access to the Color Control Panel until a patch is available. As a temporary workaround, avoid using directories that contain .camp, .cdmp, .gmmp, .icc, or .icm files to minimize the risk of exploitation. Restrict user rights on the system to minimize the impact of a potential attack.

**Name of the Vulnerable Software and Affected Versions** AwingSoft Awakening Web3D Player and Winds3D Viewer versions 3.5.0.0 Beta, 3.0.0.5, and earlier **Description** The issue is related to a heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx. This can be triggered by a long `SceneUrl` property value, potentially allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For versions 3.5.0.0 Beta, 3.0.0.5, and earlier, consider disabling the WindsPlayerIE.View.1 ActiveX control until a patch is available to prevent potential exploitation. Restrict access to the `SceneUrl` property to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Najdi.si Toolbar version 2.0.4.1 **Description** The issue is related to a stack-based buffer overflow in an ActiveX control. This can be triggered by a long `Document.Location` property value, potentially allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For Najdi.si Toolbar version 2.0.4.1, consider disabling the ActiveX control in najdisitoolbar.dll as a temporary workaround until a patch is available. Restrict access to the `Document.Location` property to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Sun Java SE Runtime Environment (aka JRE) 6 Update 13 Description: The issue is related to multiple buffer overflows in the Deployment Toolkit ActiveX control. These overflows can be triggered by a long string argument to certain methods, including the `setInstallerType`, `setAdditionalPackages`, `compareVersion`, `getStaticCLSID`, or `launch` method. This can allow remote attackers to execute arbitrary code. Recommendations: For Sun Java SE Runtime Environment (aka JRE) 6 Update 13, consider disabling the Deployment Toolkit ActiveX control until a patch is available. Restrict access to the `deploytk.dll` to minimize the risk of exploitation. Avoid using long string arguments in the affected methods until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Sun Java SE Runtime Environment (JRE) 6 Update 13 Description: The issue allows remote attackers to execute arbitrary code via a .jnlp URL in the argument to the launch method. Additionally, it might allow remote attackers to launch JRE installation processes via the installLatestJRE or installJRE method. Recommendations: For Sun Java SE Runtime Environment (JRE) 6 Update 13, consider disabling the deploytk.dll ActiveX control until a patch is available. Restrict access to the launch, installLatestJRE, and installJRE methods to minimize the risk of exploitation. Avoid using the .jnlp URL in the launch method argument until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Pablo Software Solutions Quick 'n Easy Mail Server version 3.3 Description: The issue allows remote attackers to cause a denial of service, resulting in either daemon outage or CPU consumption, by sending multiple long SMTP commands. This can be demonstrated through the use of long HELO commands. Recommendations: For version 3.3, consider restricting the length of incoming SMTP commands to prevent excessive CPU consumption or daemon outage until a patch is available. As a temporary workaround, monitoring CPU usage and daemon status can help in identifying potential denial-of-service attacks.

Name of the Vulnerable Software and Affected Versions: Symantec Norton Ghost version 14.0 Description: The issue concerns insecure methods in the Symantec.EasySetup.1 ActiveX control within the EasySetupInt.dll. This allows remote attackers to potentially cause a denial of service, leading to a browser crash, and possibly execute arbitrary code. The methods affected include (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour. Recommendations: For Symantec Norton Ghost version 14.0, consider disabling the affected methods (GetBackupLocationPath, CallUninstall, SetupDeleteVolume, CanUseEasySetup, CallAddInitialProtection, CallTour) in the EasySetupInt.dll until a patch is available. Restrict access to the EasySetup wizard to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QuikSoft EasyMail MailStore version 6.5.0.3 Description: The issue is related to a buffer overflow in the emmailstore.dll component of the QuikSoft EasyMail MailStore ActiveX control. This occurs when a long first argument is passed to the `CreateStore` method, allowing remote attackers to execute arbitrary code. Recommendations: For version 6.5.0.3, consider disabling the `CreateStore` method in the emmailstore.dll component until a patch is available. Restrict access to the emmailstore.dll module to minimize the risk of exploitation. Avoid using the QuikSoft EasyMail MailStore ActiveX control with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Realtek Media Player version 1.15.0.0 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file. **Recommendations** For version 1.15.0.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** XM Easy Personal FTP Server version 5.6.0 **Description** The issue allows remote authenticated users to cause a denial of service via a crafted argument to the "NLST" command. For example, providing a -1 argument can trigger this issue. **Recommendations** For XM Easy Personal FTP Server version 5.6.0, consider restricting access to the NLST command until a patch is available. As a temporary workaround, avoid using crafted arguments to the NLST command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 6 SP1 Description: A remote code execution issue exists due to improper validation of parameters during calls to navigation methods. This allows attackers to execute arbitrary code via a crafted HTML document, triggering memory corruption. An attacker could exploit this by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user when a user views the Web page. Recommendations: For Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1, consider disabling navigation methods until a patch is available. Restrict access to specially crafted Web pages to minimize the risk of exploitation. Avoid using Internet Explorer to view untrusted Web pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MyServer version 0.8.11 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending multiple invalid requests using HTTP methods such as GET, DELETE, OPTIONS, and possibly others. This is related to a "204 No Content error." **Recommendations** For MyServer version 0.8.11, consider restricting access to the server to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the HTTP methods GET, DELETE, and OPTIONS in requests to the server.

**Name of the Vulnerable Software and Affected Versions** Chilkat Crypt ActiveX Component version 4.3.2.1 **Description** The issue allows remote attackers to create and overwrite arbitrary files via the `WriteFile` method, potentially leading to code execution by creating executable files in Startup folders or accessing files using hcp:// URLs. **Recommendations** For version 4.3.2.1, consider disabling the `WriteFile` method until a patch is available to prevent remote attackers from creating and overwriting arbitrary files.

**Name of the Vulnerable Software and Affected Versions** DB Software Laboratory VImp X versions 4.7.7 through 4.8.8.0 **Description** The issue concerns insecure methods in the VImpX.VImpAX ActiveX control, allowing remote attackers to overwrite arbitrary files. This can be achieved via the `LogFile` property and `ClearLogFile` method, as well as the `SaveToFile` method. **Recommendations** For version 4.7.7, consider disabling the `ClearLogFile` method and restricting access to the `SaveToFile` method until a fix is available. For version 4.8.8.0, avoid using the `LogFile` property and restrict access to the `SaveToFile` method until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** DB Software Laboratory VImp X version 4.8.8.0 DB Software Laboratory VImp X version 4.7.7 **Description** The issue is related to a stack-based buffer overflow in the VImpX.VImpAX ActiveX control. This control is part of the DB Software Laboratory VImp X software. The overflow can be triggered via a long LogFile property, potentially allowing remote attackers to execute arbitrary code. **Recommendations** For version 4.8.8.0, consider restricting access to the VImpX.VImpAX ActiveX control until a patch is available. For version 4.7.7, avoid using the LogFile property with long values in the affected ActiveX control until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hummingbird Deployment Wizard 2008 version 10.0.0.44 **Description** The issue concerns insecure methods in the DeployRun.DeploymentSetup.1 ActiveX control, allowing remote attackers to execute arbitrary programs via the `Run` and `PerformUpdateAsync` methods. Additionally, attackers can modify arbitrary registry values via the `SetRegistryValueAsString` method, potentially leading to code execution by specifying executable file values to Startup folders. **Recommendations** For Hummingbird Deployment Wizard 2008 version 10.0.0.44, consider disabling the `Run` and `PerformUpdateAsync` methods, as well as restricting access to the `SetRegistryValueAsString` method to prevent modification of registry values until a patch is available.

Name of the Vulnerable Software and Affected Versions: Chilkat XML ChilkatUtil.CkData.1 ActiveX control versions 3.0.3.0 and earlier Description: The issue allows remote attackers to create, overwrite, and modify arbitrary files for execution via calls to specific methods. This can potentially be leveraged for remote code execution by accessing files using hcp:// URLs. The exploitability might be limited to certain environments or non-default browser settings. Recommendations: For versions 3.0.3.0 and earlier, consider disabling the SaveToFile, SaveToTempFile, or AppendBinary methods as a temporary workaround until a patch is available. Restrict access to files using hcp:// URLs to minimize the risk of exploitation.

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.