A vulnerability has been identified in Nokia PC Suite and in various Sony products, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the Gracenote CDDB (CD Data Base) ActiveX Control when handling an overly long option, which could be exploited by remote attackers to execute arbitrary commands on a vulnerable system via a specially crafted Web page.
Nokia PC Suite version 6.8
Nokia PC Suite version 6.7
Sony CONNECT Player
Sony SonicStage version 3.3
Sony SonicStage version 3.4
Sony SonicStage Mastering Studio version 2.1
Sony SonicStage Mastering Studio version 2.2
For Nokia PC Suite:
Install PC Suite version 6.8 Update
For Sony Products:
Apply patch :
Apple Mac OS X Multiple Command Execution and Privilege Escalation Vulnerabilities
Apple has released security updates to address multiple vulnerabilities identified in Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, or disclose sensitive information.
The first issue is due to an error in the AFP server when displaying search results, which could be exploited by malicious users to disclose the names of files and folders for which they have no access.
The second vulnerability is due to a stack overflow error in ImageIO when handling malformed TIFF images, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a specially crafted TIFF image.
The third flaw is due to an error in the OpenLDAP server that fails to properly handle invalid LDAP requests, which could be exploited by remote attackers to cause a denial of service.
The fourth issue is due to a format string error in the setuid utility "launchd" when logging messages, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The fifth vulnerability is due to an error in ClamAV, which could be exploited by attackers to execute arbitrary code by tricking a user into downloading virus signature updates from a malicious web server.
Apple Mac OS X version 10.4 through 10.4.6
Apple Mac OS X Server version 10.4 through 10.4.6
Upgrade to version 10.4.7 :