A vulnerable version of Ecava IntegraXor has been detected.
Ecava IntegraXor versions prior to 3.60.4081 contain a flaw in the way dynamic-link libraries (DLLs) are loaded. IntegraXor uses a fixed path to look for specific DLLs, but this path could include directories that are not trusted or under user control. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded. This allows an attacker to execute custom code that will run with the privilege of the program or user executing the program. This attack could be leveraged remotely by placing the malicious file or library on a network share or archive downloaded from a remote source.