Haehanse

**Name of the Vulnerable Software and Affected Versions** Mobatek MobaXterm Home Edition versions prior to 26.2 **Description** An issue exists in the `msimg32.dll` library that allows for an uncontrolled search path. This requires local access and is characterized by high complexity and difficult exploitability. **Recommendations** Upgrade to version 26.2.

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** Flos Freeware Notepad2 version 4.2.25 **Description** A security flaw exists in Flos Freeware Notepad2 that involves an uncontrolled search path within the PROPSYS.dll library. Exploitation requires local access and is considered difficult. The issue involves manipulation of an unknown function within the library. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flos Freeware Notepad2 version 4.2.25 **Description** A weakness exists in Flos Freeware Notepad2 4.2.25, impacting an unknown function within the `TextShaping.dll` library. Exploitation involves a manipulation that can lead to an uncontrolled search path. The attack is limited to local execution and is considered difficult to exploit, requiring a high level of complexity. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UltraVNC version 1.6.4.0 **Description** A weakness exists in UltraVNC 1.6.4.0 on Windows. The issue affects an unknown function within the `cryptbase.dll` library of the Windows Service component, leading to an uncontrolled search path. Local access is required for exploitation, and the exploitability is considered difficult due to the high complexity involved. The vendor was contacted regarding this disclosure but did not provide a response. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Windows Service component to minimize the risk of exploitation.