Hi @ll, the current version of Essential PIM 4.22, available at with HTTP timestamp "Wed, 15 Jun 2011 13:20:12 GMT", comes with VULNERABLE and COMPLETELY outdated 3rd party runtime libraries! 1. libeay32.dll and ssleay32.dll of OpenSSL 0.9.8i, from 2008-09-15 updated 8 times due to fixed vulnerabilities, current release is 0.9.8r; see and 2. msvcrt80.dll version 8.0.50727.42, from 2005-09-23 updated at least twice due to fixed vulnerabilities; see , and plus , and . For general guidelines see 3. gds32.dll of FirebirdSQL 2.1.2.18118, from 2009-02-28 updated at least once due to fixed vulnerabilities, current release is 2.1.4; see 4. icudt30.dll and icuuc30.dll 3.0.0.0, from 2009-02-27 updated quite some times and superseded with version 4 due to fixed vulnerabilities: CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 current release is 4.8; see 5. hunspelldll.dll , from 2009-06-26 current release is 1.3.1; see It needs REAL chuzpe to build and distribute software with those vulnerable and outdated libraries (and most probably a vulnerable and outdated development environment too). Timeline: 2011-05-28 vulnerability report sent to vendor after release of v4.21 2011-05-30 vendor reply: "We'll update them in the next version. Thanks for notice." 2011-06-15 vendor releases v4.22 with EXACT the same vulnerable libraries already included in v4.21 vendor obviously doesn't care about security at all! 2011-06-17 vulnerability report published Stefan Kanthak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/