UI-Dialog 1.09 and previous versions allows remote malicious users to execute arbitrary commands.
cpan ui\\ \\