The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of GraphWorX32

Computer vulnerability announcement CVE-2014-0758

ICONICS GENESIS32: code execution via IcoLaunch.dll

Synthesis of the vulnerability

An attacker can invite the victim to display an HTML page that calls the IcoLaunch.dll component of ICONICS GENESIS32, in order to execute code on the victim's computer.
Impacted products: GENESIS32.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 20/02/2014.
Identifiers: BID-65706, CVE-2014-0758, ICSA-14-051-01, VIGILANCE-VUL-14287.

Description of the vulnerability

The ICONICS GENESIS32 product installs the IcoLaunch.dll ActiveX control, which is used to start an application.

However, this ActiveX control can be instantiated from Internet Explorer.

An attacker can therefore invite the victim to display an HTML page that calls the IcoLaunch.dll component of ICONICS GENESIS32, in order to execute code on the victim's computer.

Computer vulnerability note CVE-2012-3018

ICONICS GENESIS32: privilege elevation via Security Configurator

Synthesis of the vulnerability

A local attacker can exploit a vulnerability in the ICONICS GENESIS32 and BizViz applications, in order to elevate their privileges.
Impacted products: GENESIS32.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 31/07/2012.
Identifiers: BID-54732, CVE-2012-3018, ICSA-12-212-01, VIGILANCE-VUL-11809.

Description of the vulnerability

Access to ICONICS GENESIS32/BizViz requires a user account.

When an account is locked, it cannot be used to log in. A challenge-response operation is then required to re-enable the account. However, an attacker can bypass the challenge, and then log in to Security Configurator as an administrator.

A local attacker can therefore exploit a vulnerability in the ICONICS GENESIS32 and BizViz applications, in order to elevate their privileges.