Theleader

**Name of the Vulnerable Software and Affected Versions** Kolibri version 2.0 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long URI in a HEAD request. **Recommendations** For Kolibri version 2.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft PowerPoint 2010 **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This is achieved via a Trojan horse `pptimpconv.dll` located in the same folder as certain file types, including `.odp`, `.pot`, `.potm`, `.potx`, `.ppa`, `.pps`, `.ppsm`, `.ppsx`, `.ppt`, `.pptm`, `.pptx`, `.pwz`, `.sldm`, or `.sldx`. **Recommendations** For Microsoft PowerPoint 2010, consider removing or restricting access to the `pptimpconv.dll` file as a temporary workaround to minimize the risk of exploitation. Additionally, avoid opening files from untrusted sources to reduce the risk of DLL hijacking attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 0.8.4 through 1.0.15 Wireshark versions 1.2.0 through 1.2.10 **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. **Recommendations** For Wireshark versions 0.8.4 through 1.0.15, consider disabling the automatic launch of Wireshark from files in untrusted folders to minimize the risk of exploitation. For Wireshark versions 1.2.0 through 1.2.10, restrict access to the airpcap.dll and other potentially vulnerable DLLs to prevent DLL hijacking attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VLC version 0.9.8a **Description** The issue allows remote attackers to cause a denial of service, resulting in stack consumption and crash, by providing a long input argument in an `in play` action to the `requests/status.xml` file. **Recommendations** For VLC version 0.9.8a, consider restricting access to the `requests/status.xml` file to minimize the risk of exploitation, and avoid using long input arguments in `in play` actions until a fix is available.