Deltahackingteam

**Name of the Vulnerable Software and Affected Versions** AZTECLib.MW6Aztec version 3.0.0.1 **Description** The issue concerns insecure methods in the Aztec ActiveX control that allow remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname argument to the `SaveAsBMP` and `SaveAsWMF` methods. **Recommendations** For version 3.0.0.1, consider disabling the `SaveAsBMP` and `SaveAsWMF` methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the Aztec.dll module to minimize the risk of exploitation. Avoid using full pathnames as arguments to these methods in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BARCODELib.MW6Barcode, Barcode.dll version 3.0.0.1 **Description** The issue concerns insecure methods in the MW6 Technologies 1D Barcode ActiveX control, allowing remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. **Recommendations** For version 3.0.0.1, consider disabling the SaveAsBMP and SaveAsWMF methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the Barcode.dll module to minimize the risk of exploitation. Avoid using the full pathname argument in the affected methods until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DATAMATRIXLib.MW6DataMatrix version 3.0.0.1 **Description** The issue concerns insecure methods in the DataMatrix ActiveX control, specifically the `SaveAsBMP` and `SaveAsWMF` methods. These methods allow remote attackers to overwrite arbitrary files by providing a full pathname as an argument. **Recommendations** For version 3.0.0.1, consider disabling the `SaveAsBMP` and `SaveAsWMF` methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the DataMatrix ActiveX control to minimize the risk of exploitation. Avoid using the full pathname argument in the affected methods until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MW6PDF417Lib.PDF417 version 3.0.0.1 **Description** The issue concerns insecure methods in the MW6 Technologies PDF417 ActiveX control, allowing remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname argument to the `SaveAsBMP` and `SaveAsWMF` methods. **Recommendations** For version 3.0.0.1, consider disabling the `SaveAsBMP` and `SaveAsWMF` methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the MW6PDF417.dll library to minimize the risk of exploitation. Avoid using the full pathname argument in the affected methods until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Explorer (affected versions not specified) Description: The issue allows remote attackers to cause a denial of service via a certain GIF file. This can be achieved with user assistance. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cutenews aj-fork (CN:AJ) versions 167f and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cutepath` parameter in the inc/shows.inc.php file. **Recommendations** For cutenews aj-fork (CN:AJ) versions 167f and earlier, consider restricting access to the `cutepath` parameter in the inc/shows.inc.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.