Kimiya

**Name of the Vulnerable Software and Affected Versions** PDFsam Enhanced (affected versions not specified) **Description** A flaw exists in PDFsam Enhanced related to the processing of XLS files. This allows a remote attacker to execute arbitrary code on affected systems. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue stems from the execution of dangerous scripts without providing a warning to the user, enabling an attacker to execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in the implementation of the Launch action within Soda PDF Desktop, allowing remote attackers to execute arbitrary code on affected installations. User interaction is required, specifically the target must visit a malicious page or open a malicious file. The issue stems from the execution of dangerous script without providing a user warning. An attacker can leverage this to execute code within the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfforge PDF Architect (affected versions not specified) **Description** A flaw exists in the processing of XLS files within pdfforge PDF Architect, allowing remote attackers to execute arbitrary code. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue stems from the execution of dangerous scripts without adequate user warning. An attacker can potentially execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in the parsing of CBZ files within Soda PDF Desktop, allowing remote attackers to potentially execute arbitrary code. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The issue stems from insufficient validation of user-supplied paths before they are used in file operations, which could allow an attacker to execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDFsam Enhanced (affected versions not specified) **Description** A flaw exists in PDFsam Enhanced related to the Launch action, allowing remote attackers to execute arbitrary code. User interaction is required, specifically the target must visit a malicious page or open a malicious file. The issue stems from the execution of dangerous scripts without providing a user warning. Successful exploitation allows an attacker to execute code within the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDFsam Enhanced (affected versions not specified) **Description** A flaw exists in PDFsam Enhanced related to the processing of DOC files. The issue stems from allowing the execution of potentially harmful scripts without providing a warning to the user. An attacker could leverage this to execute code with the privileges of the current user. User interaction is required, such as visiting a malicious page or opening a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfforge PDF Architect (affected versions not specified) **Description** A flaw exists in the Launch action implementation of pdfforge PDF Architect, allowing remote attackers to execute arbitrary code. User interaction is required, specifically the target must visit a malicious page or open a malicious file. The issue stems from the execution of dangerous scripts without providing a user warning. An attacker can leverage this to execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfforge PDF Architect (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required, specifically the target must visit a malicious page or open a malicious file. The flaw resides in the processing of DOC files, where dangerous script execution occurs without adequate user warning. An attacker can leverage this to execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfforge PDF Architect (affected versions not specified) **Description** A flaw exists in the parsing of CBZ files within pdfforge PDF Architect, stemming from insufficient validation of user-supplied paths before their use in file operations. This can allow a remote attacker to execute arbitrary code on affected systems. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue was identified as ZDI-CAN-27514. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in Soda PDF Desktop related to the handling of XLS files. The software allows the execution of dangerous scripts without providing a warning to the user. This could allow a remote attacker to execute arbitrary code on a vulnerable system, operating with the privileges of the current user. User interaction is required, such as visiting a malicious page or opening a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) Squid Proxy versions (affected versions not specified) **Description** A critical issue exists in Soda PDF Desktop related to insufficient UI warnings during Word file processing, potentially leading to remote code execution. Additionally, Squid Proxy contains a high-severity threat that could allow attackers to compromise network caching layers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digilent WaveForms versions prior to 3.24.4 **Description** A relative path traversal vulnerability exists due to improper input validation in Digilent WaveForms, potentially leading to arbitrary code execution. Successful exploitation requires an attacker to trick a user into opening a specially crafted `.DWF3WORK` file. **Recommendations** Update Digilent WaveForms to version 3.24.4 or later.

**Name of the Vulnerable Software and Affected Versions** Fuji Electric FRENIC-Loader 4 (affected versions not specified) **Description** Fuji Electric FRENIC-Loader 4 is susceptible to deserialization of untrusted data when importing a file through a specified window. This may allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digilent DASYLab (affected versions not specified) **Description** Digilent DASYLab is susceptible to a deserialization of untrusted data issue that could lead to arbitrary code execution. An attacker can exploit this by tricking a user into opening a specially crafted DSB file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digilent DASYLab (affected versions not specified) **Description** An out-of-bounds write issue exists due to improper bounds checking in `displ2.dll` when parsing a DSB file. This can lead to arbitrary code execution if a user opens a specially crafted DSB file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DASYLab (affected versions not specified) **Description** DASYLab is susceptible to an out-of-bounds write due to insufficient bounds checking when parsing DSB files. This can lead to an invalid source address and potentially result in arbitrary code execution. An attacker can exploit this issue by tricking a user into opening a specially crafted DSB file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digilent DASYLab (affected versions not specified) **Description** A flaw exists in Digilent DASYLab due to improper bounds checking when parsing a DSB file. This can lead to an out-of-bounds write, resulting in invalid data and potentially arbitrary code execution. An attacker can exploit this issue by tricking a user into opening a specially crafted DSB file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digilent DASYLab (affected versions not specified) **Description** The software contains an out-of-bounds write issue caused by insufficient bounds checking when processing DSB files. This can lead to an invalid address being accessed and potentially allow for arbitrary code execution. An attacker can exploit this by tricking a user into opening a specially crafted DSB file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DASYLab (affected versions not specified) **Description** DASYLab is susceptible to an out-of-bounds write due to improper bounds checking when parsing a DSB file. This can lead to arbitrary code execution if a user opens a specially crafted DSB file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digilent DASYLab (affected versions not specified) **Description** A heap-based buffer overflow exists due to improper bounds checking when parsing a DSB file. Successful exploitation requires a user to open a specially crafted DSB file, potentially leading to arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.