Haehanse

**Name of the Vulnerable Software and Affected Versions** Mobatek MobaXterm Home Edition versões anteriores a 26.2 **Description** Um problema existe na biblioteca `msimg32.dll` que permite um caminho de pesquisa não controlado. Isso requer acesso local e é caracterizado por alta complexidade e dificuldade de exploração. **Recommendations** Atualizar para a versão 26.2.

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** Flos Freeware Notepad2 version 4.2.25 **Description** A security flaw exists in Flos Freeware Notepad2 that involves an uncontrolled search path within the PROPSYS.dll library. Exploitation requires local access and is considered difficult. The issue involves manipulation of an unknown function within the library. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flos Freeware Notepad2 version 4.2.25 **Description** A weakness exists in Flos Freeware Notepad2 4.2.25, impacting an unknown function within the `TextShaping.dll` library. Exploitation involves a manipulation that can lead to an uncontrolled search path. The attack is limited to local execution and is considered difficult to exploit, requiring a high level of complexity. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** UltraVNC versão 1.6.4.0 **Descrição** Existe uma vulnerabilidade no UltraVNC 1.6.4.0 no Windows. O problema afeta uma função desconhecida dentro da biblioteca `cryptbase.dll` do componente de Serviço do Windows, levando a um caminho de pesquisa não controlado. É necessário acesso local para exploração, e a exploração é considerada difícil devido à alta complexidade envolvida. O fornecedor foi contatado sobre esta divulgação, mas não forneceu uma resposta. **Recomendações** Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade. Como solução temporária, considere restringir o acesso ao componente de Serviço do Windows para minimizar o risco de exploração.