Yosuka Hasegawa

**Name of the Vulnerable Software and Affected Versions** AL-Mail32 versions prior to 1.13d **Description** A directory traversal issue allows remote attackers to write to arbitrary files by crafting the filename of an attachment. **Recommendations** For versions prior to 1.13d, update to version 1.13d or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AL-Mail32 versions prior to 1.13d **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by including specific device names in the filename of an attachment, such as `CON`, `AUX`, or `NUL`. **Recommendations** For versions prior to 1.13d, update to version 1.13d or later to resolve the issue. As a temporary workaround, consider restricting the types of filenames that can be used for attachments to prevent the inclusion of device names like `CON`, `AUX`, or `NUL`.