Axel Persinger

**Name of the Vulnerable Software and Affected Versions** Rhinode Trading Paints versions 2.0.36 and earlier **Description** An issue was discovered where TP Updater.exe uses cleartext HTTP to check and request updates. This allows attackers to perform a man-in-the-middle attack, enabling them to download a malicious binary in place of the real update without triggering any SSL errors or warnings. **Recommendations** For Rhinode Trading Paints versions 2.0.36 and earlier, consider disabling the TP Updater.exe until a secure update mechanism is implemented to prevent man-in-the-middle attacks. Restrict access to the update feature to minimize the risk of exploitation. Avoid using cleartext HTTP for updates until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Emote Remote Mouse versions through 3.015 **Description** An issue allows attackers to close any running process by sending the process name in a specially crafted packet. The information is sent in cleartext and lacks authentication logic. **Recommendations** For Emote Remote Mouse versions through 3.015, consider restricting access to the process control functionality until a patch is available. As a temporary workaround, implement additional authentication logic to protect against unauthorized process closure.

**Name of the Vulnerable Software and Affected Versions** Emote Remote Mouse versions through 4.0.0.0 **Description** An issue allows attackers to retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and lacks authentication logic. **Recommendations** For Emote Remote Mouse versions through 4.0.0.0, consider restricting access to sensitive application data until a patch is available. As a temporary workaround, avoid using the application for sensitive tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Emote Remote Mouse versions through 4.0.0.0 **Description** An issue allows attackers to maximize or minimize the window of a running process by sending the process name in a crafted packet. The information is sent in cleartext and lacks authentication logic. **Recommendations** For versions through 4.0.0.0, consider restricting access to the process name information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Emote Remote Mouse versions prior to 4.0.0.1 **Description** An issue allows remote unauthenticated users to execute arbitrary code via crafted UDP packets with no prior authorization or authentication. **Recommendations** For Emote Remote Mouse versions prior to 4.0.0.1, update to version 4.0.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Emote Remote Mouse versions prior to 4.0.0.1 **Description** An issue was discovered where the software uses cleartext HTTP to check and request updates. This allows attackers to perform a man-in-the-middle attack, enabling them to download a malicious binary in place of the real update without triggering any SSL errors or warnings. **Recommendations** For versions prior to 4.0.0.1, update to version 4.0.0.1 or later to resolve the issue. As a temporary workaround, consider restricting internet access for the software until a patch is applied. Avoid using the software to download updates over unsecured networks.

**Name of the Vulnerable Software and Affected Versions** Emote Remote Mouse versions prior to 4.0.0.1 **Description** An issue in Emote Remote Mouse allows Authentication Bypass via Packet Replay. Remote unauthenticated users can execute arbitrary code by sending crafted UDP packets, even when passwords are set. **Recommendations** For Emote Remote Mouse versions prior to 4.0.0.1, update to version 4.0.0.1 or later to resolve the issue.