Ethan Hunt

**Name of the Vulnerable Software and Affected Versions** SecSettings versions prior to SMR Jan-2026 Release 1 **Description** A flaw exists in SecSettings due to improper input validation. This allows a local attacker to access a file with system privileges. User interaction is required to trigger this issue. **Recommendations** Update SecSettings to SMR Jan-2026 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Earthlink TotalAccess (affected versions not specified) **Description** The issue concerns the SpamBlocker.dll ActiveX control, which is marked as "safe for scripting". This marking allows remote attackers to execute malicious actions, specifically adding arbitrary e-mail addresses and domains to the spam blocker whitelist. The attackers can achieve this by utilizing the `AddSenderToWhitelist` and `AddDomainToWhitelist` functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.