ID

VAR-201204-0146


CVE

CVE-2012-0246


TITLE

Ecava IntegraXor 'igcom.dll' Directory Traversal Vulnerability

Trust: 1.1

sources: IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1650 // BID: 52763

DESCRIPTION

Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. Ecava IntegraXor versions prior to 3.71.4200 are vulnerable.

TITLE: IntegraXor Project ActiveX Control Insecure Method
SECUNIA ADVISORY ID: SA48558
VERIFY ADVISORY: http://secunia.com/advisories/48558/
RELEASE DATE: 2012-03-28
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a user's system. Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to version 3.71.4200.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Billy Rios and Terry McCorkle.
ORIGINAL ADVISORY: US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf

Trust: 2.7

sources: NVD: CVE-2012-0246 // JVNDB: JVNDB-2012-001978 // CNVD: CNVD-2012-1650 // BID: 52763 // IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 111325

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1650

AFFECTED PRODUCTS

vendor: ecava, model: integraxor, scope: eq, version: 3.60

Trust: 2.5

vendor: ecava, model: integraxor, scope: eq, version: 3.5.3900.5

Trust: 1.6

vendor: ecava, model: integraxor, scope: eq, version: 3.6.4000.0

Trust: 1.6

vendor: ecava, model: integraxor, scope: eq, version: 3.5.3900.10

Trust: 1.6

vendor: ecava, model: integraxor, scope: lte, version: 3.60.4061

Trust: 1.0

vendor: ecava, model: integraxor, scope: eq, version: 3.60.4032

Trust: 0.9

vendor: ecava, model: integraxor, scope: eq, version: 3.60.4050

Trust: 0.9

vendor: ecava, model: integraxor, scope: lt, version: 3.71.4200

Trust: 0.8

vendor: ecava, model: integraxor, scope: eq, version: 3.60.4061

Trust: 0.6

vendor: ecava, model: integraxor, scope: ne, version: 3.71.4200

Trust: 0.3

vendor: integraxor, model: -, scope: eq, version: 3.5.3900.5

Trust: 0.2

vendor: integraxor, model: -, scope: eq, version: 3.5.3900.10

Trust: 0.2

vendor: integraxor, model: -, scope: eq, version: 3.6.4000.0

Trust: 0.2

vendor: integraxor, model: -, scope: eq, version: 3.60

Trust: 0.2

vendor: integraxor, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1650 // BID: 52763 // JVNDB: JVNDB-2012-001978 // CNNVD: CNNVD-201203-535 // NVD: CVE-2012-0246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0246
value: HIGH

Trust: 1.0

NVD: CVE-2012-0246
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201203-535
value: CRITICAL

Trust: 0.6

IVD: f9d0942e-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2012-0246
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: f9d0942e-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-001978 // CNNVD: CNNVD-201203-535 // NVD: CVE-2012-0246

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2012-001978 // NVD: CVE-2012-0246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-535

TYPE

Path traversal

Trust: 0.8

sources: IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201203-535

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001978

PATCH

title: Top Page, url: http://www.integraxor.com/index.htm

Trust: 0.8

title: IntegraXor 3.71 - DOWNLOAD, url: http://www.integraxor.com/download.htm

Trust: 0.8

title: Ecava IntegraXor 'igcom.dll' directory traversal vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/14973

Trust: 0.6

sources: CNVD: CNVD-2012-1650 // JVNDB: JVNDB-2012-001978

EXTERNAL IDS

db: NVD, id: CVE-2012-0246

Trust: 3.5

db: ICS CERT, id: ICSA-12-083-01

Trust: 3.4

db: SECUNIA, id: 48558

Trust: 1.8

db: OSVDB, id: 80650

Trust: 1.0

db: CNVD, id: CNVD-2012-1650

Trust: 0.8

db: CNNVD, id: CNNVD-201203-535

Trust: 0.8

db: JVNDB, id: JVNDB-2012-001978

Trust: 0.8

db: BID, id: 52763

Trust: 0.3

db: IVD, id: F9D0942E-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 111325

Trust: 0.1

sources: IVD: f9d0942e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1650 // BID: 52763 // JVNDB: JVNDB-2012-001978 // PACKETSTORM: 111325 // CNNVD: CNNVD-201203-535 // NVD: CVE-2012-0246

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdf

Trust: 2.8

url:http://secunia.com/advisories/48558

Trust: 1.6

url:http://osvdb.org/80650

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/74388

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0246

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0246

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdfhttp

Trust: 0.6

url:http://www.integraxor.com/

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48558

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/48558/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/48558/

Trust: 0.1

sources: CNVD: CNVD-2012-1650 // BID: 52763 // JVNDB: JVNDB-2012-001978 // PACKETSTORM: 111325 // CNNVD: CNNVD-201203-535 // NVD: CVE-2012-0246

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.3

sources: BID: 52763

SOURCES

db: IVD, id: f9d0942e-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-1650
db: BID, id: 52763
db: JVNDB, id: JVNDB-2012-001978
db: PACKETSTORM, id: 111325
db: CNNVD, id: CNNVD-201203-535
db: NVD, id: CVE-2012-0246

LAST UPDATE DATE

2025-04-11T23:17:20.077000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-1650, date: 2012-03-30T00:00:00
db: BID, id: 52763, date: 2012-08-17T12:20:00
db: JVNDB, id: JVNDB-2012-001978, date: 2012-04-04T00:00:00
db: CNNVD, id: CNNVD-201203-535, date: 2012-03-30T00:00:00
db: NVD, id: CVE-2012-0246, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: f9d0942e-2353-11e6-abef-000c29c66e3d, date: 2012-03-30T00:00:00
db: CNVD, id: CNVD-2012-1650, date: 2012-03-30T00:00:00
db: BID, id: 52763, date: 2012-03-28T00:00:00
db: JVNDB, id: JVNDB-2012-001978, date: 2012-04-04T00:00:00
db: PACKETSTORM, id: 111325, date: 2012-03-28T09:00:21
db: CNNVD, id: CNNVD-201203-535, date: 2012-03-30T00:00:00
db: NVD, id: CVE-2012-0246, date: 2012-04-02T10:46:44.263