Monday, May 30, 2011

ICS-CERT Publishes 2 Advisories for Ecava IntegraXor

On Friday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published two separate advisories for vulnerabilities in the Ecava IntegraXor system. The vulnerabilities would allow DLL hijacking and cross site scripting. Both vulnerabilities would allow execution of arbitrary code by an attacker with moderate skill levels. The first would require the attacker to have access to the computer’s file system and the second would require the operator viewing an infected web site.

There are no known exploits publicly available for either vulnerability and Ecava has developed a single patch to mitigate both vulnerabilities.

No comments:

/* Use this with templates/template-twocol.html */