Jelmer

**Nome do software vulnerável e versões afetadas** Versões do aiohttp anteriores à 3.7.4 **Descrição** O problema está relacionado a uma vulnerabilidade de redirecionamento aberto na biblioteca aiohttp, que pode permitir que um invasor remoto realize ataques de phishing usando um link especialmente criado. Essa vulnerabilidade é causada por um bug no middleware `aiohttp.web middlewares.normalize path middleware`. **Recomendações** Para versões anteriores à 3.7.4, atualize sua dependência usando o pip da seguinte forma: “pip install aiohttp >= 3.7.4”. Se a atualização não for uma opção, uma solução alternativa pode ser evitar o uso de `aiohttp.web middlewares.normalize path middleware` em suas aplicações.

**Name of the Vulnerable Software and Affected Versions** Microsoft cabarc (affected versions not specified) **Description** A directory traversal issue exists in Microsoft cabarc, allowing remote attackers to overwrite files by using "../" sequences in file names within a CAB archive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer version 6 **Description** The issue allows remote attackers to execute arbitrary code in the Local Security context. This can be achieved by using the `showModalDialog` method and modifying the location to execute code, such as Javascript. The exploitation can occur through delayed HTTP redirect operations or by modifying the `location` attribute of the `window` object. **Recommendations** For Internet Explorer version 6, consider disabling the `showModalDialog` method as a temporary workaround until a patch is available. Restrict access to the `MSHTML` engine to minimize the risk of exploitation. Avoid using the `location` attribute of the `window` object in affected scenarios until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 5.01 through 6 SP1 **Description** The issue allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. **Recommendations** For versions 5.01 through 6 SP1, update to a newer version to mitigate the risk.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Player 9 Series (affected versions not specified) Description: The issue allows remote attackers to view and manipulate the Media Library on the local system via HTML script. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Media Player version 7.1 Windows Media Player for Windows XP Description: A directory traversal issue allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location. Recommendations: For Windows Media Player version 7.1, consider disabling the skins feature until a patch is available. For Windows Media Player for Windows XP, restrict access to skins files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 6.0 **Description** The issue allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. This is due to a problem in the file upload control. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 6.0, consider disabling the file upload control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** UnZip version 5.50 tar-1.13.25 **Description** The issue concerns a directory traversal vulnerability in UnZip, allowing attackers to overwrite arbitrary files by exploiting invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. Additionally, there are multiple vulnerabilities in the tar package of Red Hat Linux that can lead to a breach of protected information integrity, and these can be exploited remotely. **Recommendations** For UnZip version 5.50, consider restricting access to the vulnerable `UnZip` module to minimize the risk of exploitation until a patch is available. For tar-1.13.25, at the moment, there is no information about a newer version that contains a fix for this vulnerability.