Chase Hatch

**Name of the Vulnerable Software and Affected Versions** FileOptimizer version 14.00.2524 **Description** FileOptimizer version 14.00.2524 is subject to a denial of service condition. An attacker can cause the application to crash by manipulating the `FileOptimizer32.ini` configuration file. Specifically, the attacker overwrites the `TempDirectory` parameter with a 5000-character buffer, leading to a crash when opening options. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict write access to the `FileOptimizer32.ini` configuration file.

**Name of the Vulnerable Software and Affected Versions** Ayukov NFTP client version 1.71 **Description** The Ayukov NFTP client contains a buffer overflow issue in how it handles the SYST command. Remote attackers can exploit this by sending a specially crafted SYST command with an oversized payload. Successful exploitation allows the execution of arbitrary code, potentially leading to the execution of a bind shell on port 5150. The `SYST` command is vulnerable to a buffer overflow when processing oversized payloads. **Recommendations** Update to a newer version of Ayukov NFTP client that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChaosPro version 2.0 **Description** A buffer overflow exists in the way the software handles configuration file paths. This allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can create a malicious configuration file with a carefully constructed payload to overwrite memory and gain remote code execution on vulnerable systems. The affected operating system is Windows XP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.