Doan Nguyen

**Name of the Vulnerable Software and Affected Versions** WMV to AVI MPEG DVD WMV Convertor version 4.6.1217 **Description** The software contains a buffer overflow that allows attackers to execute arbitrary code by overwriting the `license name` and `license code` fields. An attacker can create a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application’s input handling. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GCafé version 3.0 **Description** GCafé 3.0 contains an unquoted service path vulnerability in the `gbClientService`. This allows local attackers to potentially execute arbitrary code with elevated privileges. The issue stems from an unquoted path in the service configuration, enabling attackers to inject malicious executables that run with LocalSystem permissions. **Recommendations** Ensure the service path for `gbClientService` is properly quoted to prevent the execution of unauthorized code.