PT-2017-19091 · Alc · Sitescan Web+2

Gjoko Krstic +1 · Published 2017-08-25 · Updated 2021-07-27 · CVE-2017-9644

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
ALC WebCTRL, i-Vu, SiteScan Web versions 5.2 through 6.5
ALC WebCTRL, SiteScan Web versions 6.1 and prior
ALC WebCTRL, i-Vu versions 6.0 and prior

Description
An Unquoted Search Path or Element issue may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.

Recommendations
For ALC WebCTRL, i-Vu, SiteScan Web versions 5.2 through 6.5, update to a version later than 6.5 to resolve the issue. For ALC WebCTRL, SiteScan Web versions 6.1 and prior, update to a version later than 6.1 to resolve the issue. For ALC WebCTRL, i-Vu versions 6.0 and prior, update to a version later than 6.0 to resolve the issue. As a temporary workaround, consider restricting access to the installation directory to minimize the risk of exploitation.

Exploit

Fix


Weakness Enumeration

Related Identifiers

CVE-2017-9644

Affected Products

Alc Webctrl
Sitescan Web
I-Vu