CVE-2011-1565

Name of the Vulnerable Software and Affected Versions IGSS versions 9.00.00.11063 and earlier

Description The issue allows remote attackers to read or create and write arbitrary files. This can be achieved by using .. (dot dot backslash) sequences to TCP port 12401, specifically through opcodes 0x3 for reading and 0x2 for creating or writing files.

Recommendations For versions 9.00.00.11063 and earlier, consider restricting access to TCP port 12401 as a temporary workaround until a patch is available. Avoid using opcodes 0x2 and 0x3 in the affected IGSSdataServer.exe until the issue is resolved.