Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list.
Today, a blog post from March 8th, 2011, made the list. It was a short piece (1 paragraph) about an ICS-CERT Alert for an Active X vulnerability in the WellinTech’s KingView 6.53. The link to the alert that was in the article was dead but has since been updated. Unfortunately, neither that updated Alert, nor it’s followup advisory provided a CVE number for the vulnerability. The advisory noted that an updated DLL file was available to mitigate the vulnerability.
A little more digging this morning showed a vulnerability (CVE-2011-0406) reported by Dillon Beresford (with a Metasploit module published in September of 2010) that may be reported vulnerability. There is an interesting blog post by Dillon about the history of that vulnerability, with a follow-up post here. It is an old story, but one that unfortunately still resonates today.
Posts
No comments:
Post a Comment