ID
VAR-E-201012-0054
CVE
| cve_id: | CVE-2010-4599 | Trust: 0.3 |
TITLE
Ecava IntegraXor 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
Trust: 0.3
DESCRIPTION
Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | ecava | model: | integraxor | scope: | eq | version: | 3.6.4000.0 | Trust: 0.3 |
EXPLOIT
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Mister Teatime
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2010-4599 | Trust: 0.3 |
| db: | BID | id: | 45549 | Trust: 0.3 |
REFERENCES
| url: | http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx | Trust: 0.3 |
| url: | http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html | Trust: 0.3 |
| url: | http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx | Trust: 0.3 |
| url: | http://www.ecava.com/index.htm | Trust: 0.3 |
| url: | http://blog.rapid7.com/?p=5325 | Trust: 0.3 |
| url: | http://www.microsoft.com/technet/security/advisory/2269637.mspx | Trust: 0.3 |
SOURCES
| db: | BID | id: | 45549 |
LAST UPDATE DATE
2022-07-27T09:40:50.539000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 45549 | date: | 2015-04-13T21:02:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 45549 | date: | 2010-12-22T00:00:00 |