Ecava IntegraXor Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that allows
arbitrary code execution.

Description :

The version of IntegraXor installed on the remote host is earlier
than 3.60 (Build 4081). As such, it reportedly uses a fixed path to
look for specific files or libraries, such as for 'dwmapi.dll', and
this path includes directories that may not be trusted or under user
control.

If a malicious DLL with the same name as a required DLL is located in
the application's current working directory, the malicious DLL will be
loaded.

See also :

http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
http://www.nessus.org/u?52e946f8

Solution :

Upgrade to version 3.60.4081.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 55026 ()

Bugtraq ID: 45549

CVE ID: CVE-2010-4599