The Unicode Script Processor (Uniscribe) implementation in USP10.DLL does not properly validate tables associated with malformed OpenType fonts, producing an array index error.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Winamp is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .CDA file.

Nokia PC Suite is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder than .VCF file.

Microsoft Windows Mail is prone to a vulnerability that may allow execution of wab32res.dll if this dll is located in the same folder than .NWS file.

Daemon Tools Lite is prone to a vulnerability that may allow execution of MFC80LOC.DLL if this dll is located in the same folder than .MDS file.

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability".

The specific flaw exists within the ienipp.ocx ActiveX control. The control accepts a 'debug' parameter that is expected to be either "yes" or "true". If a string of a specific length is provided instead, a processing loop within the ExecuteRequest method can be made to corrupt a stack-based buffer.

A remote code execution vulnerability exists in Office, and could be exploited when a malformed property included in an Office file was parsed by any of the affected Office applications.

Microsoft WordPad is prone to a memory corruption vulnerability, because the Word 97 Text Converter does not properly parse certain structures in a Word 97 file.

This vulnerability can be exploited by remote attackers to execute arbitrary code, by enticing an unsuspecting user to open a specially crafted .DOC file with Microsoft WordPad.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a vulnerability in Adobe Reader when parsing a .PDF file with a malformed font embedded. This update adds support for several versions of Adobe Reader and corrects the CVE Number of the vulnerability.