Security Issue for DLL Vulnerability Note
Security researcher Praveen Darshanam have reported to IGX developer on a new DLL vulnerability via US-CERT. This is the second DLL vulnerability on top of previously found DLL hijack issues. The vulnerability is about replacing the genuine DLL files with malicious DLL files in program directory.
IGX developers have patched the reported vulnerability and released the fix. The fix has been included in latest Release which can be obained at this link: http://www.integraxor.com/download/rc.msi?4.2.4488. All previous release before build 4488 will have this vulnerability impact. Please download and use this build or any later release to fix this vulnerability. We wish to take this opportunity to remind user to always install programs in the “Program Files” or “Program Files (x86)” folder, which offers additional administrator’s protection.
Summary of Event
- 30-Jan-2015: ICS CERT contacted IntegraXor support team for ICS-VU-133099.
- 30-Jan-2015: Technical report for the vulnerability is received.
- 18-Mar-2015: Security fixed is issued for validation & general download.
- 26-Mar-2015: Security researcher has verified the fix.
- 01-Apr-2015: Public announcement is made by IntegraXor support team.