Storm

**Name of the Vulnerable Software and Affected Versions** Roxio Easy Media Creator Home version 9.0.136 **Description** The issue allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory. This can be demonstrated by a directory that contains a .roxio, .c2d, or .gi file. **Recommendations** For Roxio Easy Media Creator Home version 9.0.136, consider restricting access to the homeutils9.dll file to minimize the risk of exploitation. Avoid using directories that contain .roxio, .c2d, or .gi files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Roxio MyDVD version 9 **Description** The issue allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory. This can be demonstrated by a directory that contains a .dmsd or .dmsm file. **Recommendations** For Roxio MyDVD version 9, consider restricting access to the current working directory to minimize the risk of exploitation. Avoid using directories that contain .dmsd or .dmsm files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint version 2007 **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse rpawinet.dll located in the same folder as certain file types, including .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx. **Recommendations** For Microsoft Office PowerPoint 2007, consider removing or restricting access to the vulnerable `rpawinet.dll` file as a temporary workaround until a patch is available. Avoid opening files from untrusted sources, especially those that could be located in the same folder as a malicious dll, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Contacts (affected versions not specified) **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse `wab32res.dll` located in the same folder as certain file types, including `.contact`, `.group`, `.p7c`, `.vcf`, or `.wab` files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe PhotoShop versions CS2 through CS5 **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse `dwmapi.dll` or `Wintab32.dll` that is located in the same folder as a PSD or other file that is processed by PhotoShop. **Recommendations** For Adobe PhotoShop versions CS2 through CS5, consider restricting the execution of files from untrusted locations to minimize the risk of exploitation. As a temporary workaround, avoid processing PSD or other files from potentially compromised folders until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Lightweight news portal (LNP) version 1.0b **Description** The issue allows remote attackers to gain administrator privileges due to improper access restrictions to administrator functionality. This can be achieved via direct requests to the "admin.php" endpoint with specific actions, including `potd delete`, `potd`, `vote update`, `vote`, or `modifynews`. **Recommendations** For Lightweight news portal (LNP) version 1.0b, restrict access to the "admin.php" endpoint to prevent unauthorized requests with the `potd delete`, `potd`, `vote update`, `vote`, or `modifynews` actions. Consider temporarily disabling these actions until a proper fix is implemented to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Lightweight news portal (LNP) version 1.0b **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the `photo` parameter to "show photo.php", the `potd` parameter to "show potd.php", or the `Current question` field in a vote action to "admin.php". **Recommendations** For Lightweight news portal (LNP) version 1.0b, consider validating and sanitizing user input for the `photo` parameter in "show photo.php", the `potd` parameter in "show potd.php", and the `Current question` field in "admin.php" to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to "show photo.php", "show potd.php", and "admin.php" to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: phpWebNews version 0.2 MySQL Edition Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id kat` parameter in the "index.php" file. Recommendations: For phpWebNews version 0.2 MySQL Edition, consider restricting access to the `id kat` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `id kat` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Titan FTP Server versions 3.01 build 163 through 3.01 build 168 **Description** The issue allows remote authenticated users to cause a denial of service by disconnecting from the system during a "LIST -L" command. This action causes the system to access an invalid socket, resulting in a crash. **Recommendations** For Titan FTP Server versions 3.01 build 163 through 3.01 build 168, consider updating to a version after build 169 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Serv-U FTP server versions prior to 5.0.0.6 **Description** The issue is related to a buffer overflow that can cause a denial of service, resulting in a crash. This occurs when a remote attacker sends a long `-l` parameter, triggering an out-of-bounds read. **Recommendations** For versions prior to 5.0.0.6, update to version 5.0.0.6 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Tellurian TftpdNT version 1.8 Description: A buffer overflow issue allows remote attackers to execute arbitrary code via a TFTP request with a long filename. Recommendations: For Tellurian TftpdNT version 1.8, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the TFTP service to minimize the risk of exploitation.