UPS companion software v1.05 & Prior is affected by �??Eval Injection�?? vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.�?�eval�?� in �??Update Manager�?� class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.