Callax

Name of the Vulnerable Software and Affected Versions: SaschArt SasCam Webcam Server version 2.6.5 XHTTP Module version 4.1.0.0 Description: The issue allows remote attackers to cause a denial of service or execute arbitrary code via a long argument to the `Get` method and other unspecified methods. Recommendations: For SaschArt SasCam Webcam Server version 2.6.5, consider disabling the XHTTP Module until a patch is available. For XHTTP Module version 4.1.0.0, restrict access to the `Get` method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Hpufunction.dll version 4.0.0.1 Description: The issue concerns the exposure of unsafe methods in Hpufunction.dll, specifically the `ExecuteAsync` and `Execute` methods. This exposure allows remote attackers to execute arbitrary code by providing an absolute pathname as the first argument. Recommendations: For Hpufunction.dll version 4.0.0.1, consider disabling the `ExecuteAsync` and `Execute` methods as a temporary workaround until a patch is available. Restrict access to Hpufunction.dll to minimize the risk of exploitation. Avoid using absolute pathnames in the first argument of the affected methods until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WatchFire AppScan version 7.0 **Description** The issue allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) `CompactSave` and (2) `SaveSession` method in one control, and the (3) `saveRecordedExploreToFile` method in a different control. This can be leveraged for code execution by writing to a Startup folder. **Recommendations** For WatchFire AppScan version 7.0, consider disabling the `CompactSave`, `SaveSession`, and `saveRecordedExploreToFile` methods as a temporary workaround until a patch is available. Restrict access to the affected ActiveX controls to minimize the risk of exploitation. Avoid using the affected methods in the ActiveX controls until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EMC VMware version 6.0.0 **Description** The issue is related to an absolute path traversal vulnerability in a certain ActiveX control in vielib.dll. This allows remote attackers to execute arbitrary local programs by providing a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method. **Recommendations** For EMC VMware version 6.0.0, consider restricting access to the CreateProcess and CreateProcessEx methods in the affected ActiveX control until a patch is available. As a temporary workaround, avoid using full pathnames in the first two arguments to these methods to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: EMC VMware version 6.0.0 Description: The issue concerns an absolute path traversal vulnerability in a certain ActiveX control in vielib.dll. This vulnerability allows remote attackers to execute arbitrary local programs by providing a full pathname in the first argument to the `StartProcess()` method. Recommendations: For EMC VMware version 6.0.0, consider restricting access to the `StartProcess()` method in the affected ActiveX control until a patch is available. As a temporary workaround, avoid using full pathnames in the first argument to the `StartProcess()` method to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: EMC VMware IntraProcessLogging.dll version 5.5.3.42958 Description: The issue is related to an absolute path traversal vulnerability in a certain ActiveX control. This allows remote attackers to create or overwrite arbitrary files by providing a full pathname in the argument to the `SetLogFileName` method. Recommendations: For EMC VMware IntraProcessLogging.dll version 5.5.3.42958, consider restricting access to the `SetLogFileName` method until a patch is available. As a temporary workaround, avoid using the `SetLogFileName` method with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ProgramChecker Pro version 1.5.0.531 **Description** A stack-based buffer overflow issue exists in a certain ActiveX control in sasatl.dll, allowing remote attackers to execute arbitrary code via a long argument to the `Fill` method. **Recommendations** For version 1.5.0.531, consider disabling the `Fill` method in the affected ActiveX control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hewlett-Packard (HP) Photo Digital Imaging version 2.0.0.133 **Description** The issue concerns an absolute path traversal in a certain ActiveX control in the hpqxml.dll file, which allows remote attackers to create or overwrite arbitrary files. This is achieved by manipulating the argument to the `saveXMLAsFile` method. **Recommendations** For version 2.0.0.133, consider restricting access to the `saveXMLAsFile` method until a patch is available. Additionally, avoid using the `saveXMLAsFile` method with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BarCodeAx.dll version 4.9 **Description** A stack-based buffer overflow issue exists in the BeginPrint method of a certain ActiveX control, allowing remote attackers to execute arbitrary code via a long argument. **Recommendations** For BarCodeAx.dll version 4.9, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Avax Vector version 1.3 **Description** The issue concerns a certain ActiveX control in Avaxswf.dll that allows remote attackers to create or overwrite arbitrary files. This is achieved by providing a full pathname in the argument to the `WriteMovie` method. **Recommendations** For Avax Vector version 1.3, consider restricting access to the `WriteMovie` method until a patch is available. As a temporary workaround, avoid using the `WriteMovie` method with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hewlett-Packard (HP) Magview ActiveX control version 1.0.0.309 **Description** The issue is related to a stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control, which can be triggered by passing a long argument to the `DeleteProfile` method. This can cause a denial of service, resulting in an application crash, and potentially have other impacts. **Recommendations** For version 1.0.0.309, consider disabling the `DeleteProfile` method as a temporary workaround until a patch is available. Restrict access to the hpqvwocx.dll module to minimize the risk of exploitation. Avoid using the `DeleteProfile` method with long arguments in the affected ActiveX control until the issue is resolved.