Ecava IntegraXor ActiveX save Method Buffer Overflow

High Nessus Plugin ID 51360


The remote Windows host has an ActiveX control affected by a buffer overflow vulnerability.


The version of the IntegraXor.Project ActiveX control installed on the remote Windows host contains a stack-based buffer overflow that can be triggered by passing a value larger than 1024 bytes to its 'save()' method.

Successful exploitation of this vulnerability can cause a crash in the associated browser and may allow for arbitrary code execution.


Upgrade to version 3.5 (Build 3900.10) or later.

See Also

Plugin Details

Severity: High

ID: 51360

File Name: scada_integraxor_activex_save_bof.nbin

Version: $Revision: 1.75 $

Type: local

Family: SCADA

Published: 2010/12/22

Modified: 2018/02/06

Dependencies: 53548

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Required KB Items: SCADA/Apps/Ecava/IntegraXor/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/10/14

Vulnerability Publication Date: 2010/12/18

Reference Information

CVE: CVE-2010-4597

BID: 45487

OSVDB: 69960

CERT: 603928

EDB-ID: 15767

ICS-ALERT: 10-322-01