We can confirm the above vulnerabilities were also present in ealier service packs. As such, we recommend upgrading to service pack 4 hotfix 3 to address them.
Please note, the above CVEs can only impact applications not using transport-level security. Any applications which are using TLS will not be impacted.
Additionally, the vulnerabilities affect C++ applications only. Java applications are safe.