Martino Sani

**Name of the Vulnerable Software and Affected Versions** BestXsoftware Best Free Keylogger versions prior to 6.0.0 **Description** The issue allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%BFK 5.2.9syscrb.exe" file because of insecure permissions for the BUILTINUsers group. **Recommendations** For versions prior to 6.0.0, consider updating to version 6.0.0 or later to resolve the issue. As a temporary workaround, restrict access to the "%PROGRAMFILES%BFK 5.2.9syscrb.exe" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions prior to 1.0.11 Roundcube Webmail versions 1.1.x before 1.1.9 Roundcube Webmail versions 1.2.x before 1.2.5 **Description** The issue allows arbitrary password resets by authenticated users due to an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. **Recommendations** For versions prior to 1.0.11, update to version 1.0.11 or later. For versions 1.1.x before 1.1.9, update to version 1.1.9 or later. For versions 1.2.x before 1.2.5, update to version 1.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** FastStone MaxView versions 3.0 through 3.1 **Description** The issue allows user-assisted attackers to cause a denial of service, resulting in an application crash. This can be achieved via a malformed BMP image with a crafted `biSize` field in the BITMAPINFOHEADER section. **Recommendations** For versions 3.0 and 3.1, consider avoiding the use of potentially malicious BMP images until a patch is available. As a temporary workaround, restrict the opening of BMP images from untrusted sources to minimize the risk of exploitation.