Gregory R. Panakkal

Name of the Vulnerable Software and Affected Versions: Rediff Bol Downloader ActiveX (OCX) control (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary files and obtain sensitive information, such as usernames and pathnames, by providing a URL in the `url` vbscript parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Indiatimes Messenger version 6.0 **Description** The issue is related to a buffer overflow in the MMClient.exe component, which can be triggered by a long group name argument to the `RenameGroup` function in the `MMClient.MunduMessenger.1` ActiveX object. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. **Recommendations** For Indiatimes Messenger version 6.0, consider disabling the `RenameGroup` function in the `MMClient.MunduMessenger.1` ActiveX object as a temporary workaround to minimize the risk of exploitation.