Cocoruder

Name of the Vulnerable Software and Affected Versions: CA ARCserve Backup versions r11.1 through r12.0 Description: A directory traversal issue exists in the RPC interface of CA ARCserve Backup, allowing remote attackers to execute arbitrary commands. This is achieved by including a .. (dot dot) in an RPC call with `opnum` 0x10A. Recommendations: For CA ARCserve Backup versions r11.1 through r12.0, consider restricting access to the RPC interface as a temporary workaround until a patch is available. Avoid using the `opnum` 0x10A in RPC calls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Akamai Download Manager version 2.2.3.5 and earlier **Description** The issue allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. This is due to a CRLF injection vulnerability in the Akamai Download Manager ActiveX control. **Recommendations** For versions prior to 2.2.3.6, update to version 2.2.3.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Jet Database Engine version prior to 4.0.9505.0 **Description** A buffer overflow issue in the msjet40.dll file allows remote attackers to execute arbitrary code via a crafted Word file. This issue has been exploited in the wild, specifically in March 2008. **Recommendations** For versions prior to 4.0.9505.0, update to version 4.0.9505.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted Word files that could trigger the buffer overflow in the msjet40.dll file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader versions prior to 8.1.2 **Description** The issue allows remote attackers to configure silent non-interactive printing using the DOC.print function in the Adobe JavaScript API. This can trigger the printing of an arbitrary number of copies of a document. **Recommendations** For versions prior to 8.1.2, update to version 8.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the DOC.print function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Alipay PTA Module version (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary code via a JavaScript function that invokes the `Remove` method with an invalid `index` argument. This argument is used as an offset for a function call, potentially leading to code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.