📄 Description (English)
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in
Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.
This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
🤖 AI Executive Summary
CVE-2025-58744 is a high-severity vulnerability in Milner ImageDirector Capture affecting versions 7.0.9.0 through 7.6.3.25808, where hard-coded encryption keys in C2SGlobalSettings.dll allow attackers to decrypt document archive files. This credential-based vulnerability poses significant risk to organizations using ImageDirector for document management and archival, particularly in regulated sectors handling sensitive documents. Immediate patching to version 7.6.3.25808 or later is critical to prevent unauthorized access to encrypted document repositories.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 2, 2026 08:33
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in banking, government, healthcare, and energy sectors that utilize Milner ImageDirector Capture for document management and archival. Saudi banks (SAMA-regulated institutions) storing encrypted customer documents, government agencies managing classified or sensitive records, healthcare providers maintaining patient records, and energy companies (ARAMCO and subsidiaries) managing operational documentation are at highest risk. The hard-coded credentials vulnerability could enable unauthorized access to confidential business documents, financial records, personal data, and operational information, leading to data breaches, regulatory violations under SAMA and NCA frameworks, and potential compromise of critical infrastructure documentation.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Insurance
Legal Services
Manufacturing and Industrial
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25807 using asset inventory and vulnerability scanning tools
2. Isolate affected systems from production networks if exploitation is suspected
3. Review access logs for C2SGlobalSettings.dll and document archive access patterns for suspicious activity
4. Notify SAMA/NCA if financial or government data has been potentially compromised
PATCHING GUIDANCE:
1. Upgrade immediately to Milner ImageDirector Capture version 7.6.3.25808 or later
2. Test patches in non-production environments before deployment
3. Schedule maintenance windows for production system updates
4. Verify patch installation by checking DLL version signatures
COMPENSATING CONTROLS (if immediate patching not possible):
1. Restrict file system access to C2SGlobalSettings.dll using NTFS permissions (read-only for application service accounts)
2. Implement network segmentation to limit access to ImageDirector systems
3. Enable Windows Audit logging for document archive access
4. Monitor for unauthorized decryption attempts using SIEM tools
5. Implement application whitelisting to prevent unauthorized execution
DETECTION RULES:
1. Monitor for C2SGlobalSettings.dll being read or executed outside normal application paths
2. Alert on document archive file access outside scheduled backup windows
3. Track failed and successful decryption attempts in application logs
4. Monitor for process execution of ImageDirector components with unusual parent processes
5. Detect lateral movement from compromised ImageDirector systems to other network resources
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل Milner ImageDirector Capture من الإصدارات 7.0.9.0 إلى 7.6.3.25807 باستخدام أدوات جرد الأصول وفحص الثغرات
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج في حالة الاشتباه في الاستغلال
3. مراجعة سجلات الوصول لـ C2SGlobalSettings.dll وأنماط الوصول إلى أرشيف المستندات للبحث عن نشاط مريب
4. إخطار SAMA/NCA إذا تم احتمال تعريض البيانات المالية أو الحكومية
إرشادات التصحيح:
1. الترقية الفورية إلى Milner ImageDirector Capture الإصدار 7.6.3.25808 أو أحدث
2. اختبار التصحيحات في بيئات غير الإنتاج قبل النشر
3. جدولة نوافذ الصيانة لتحديثات أنظمة الإنتاج
4. التحقق من تثبيت التصحيح بفحص توقيعات إصدار DLL
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تقييد الوصول إلى نظام الملفات لـ C2SGlobalSettings.dll باستخدام أذونات NTFS (قراءة فقط لحسابات خدمة التطبيق)
2. تنفيذ تقسيم الشبكة لتحديد الوصول إلى أنظمة ImageDirector
3. تفعيل تسجيل Windows Audit لوصول أرشيف المستندات
4. مراقبة محاولات فك التشفير غير المصرح باستخدام أدوات SIEM
5. تنفيذ قائمة بيضاء للتطبيقات لمنع التنفيذ غير المصرح
قواعد الكشف:
1. مراقبة قراءة أو تنفيذ C2SGlobalSettings.dll خارج مسارات التطبيق العادية
2. تنبيه الوصول إلى ملف الأرشيف خارج نوافذ النسخ الاحتياطي المجدولة
3. تتبع محاولات فك التشفير الفاشلة والناجحة في سجلات التطبيق
4. مراقبة تنفيذ عمليات مكونات ImageDirector مع عمليات الوالدين غير العادية
5. الكشف عن الحركة الجانبية من أنظمة ImageDirector المخترقة إلى موارد الشبكة الأخرى
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.9.2.1 - User access management and authentication
ECC 2024 A.10.1.1 - Cryptography and encryption key management
ECC 2024 A.12.2.1 - Logging and monitoring of information systems
ECC 2024 A.14.2.1 - Secure development and change management
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Asset management and inventory
SAMA CSF PR.AC-1 - Access control and authentication
SAMA CSF PR.DS-1 - Data security and encryption
SAMA CSF DE.CM-1 - Detection and monitoring
SAMA CSF RS.MI-2 - Incident response and mitigation
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Supplier relationships
ISO 27001:2022 A.8.2 - Privileged access rights
ISO 27001:2022 A.8.3 - Information access restriction
ISO 27001:2022 A.10.1 - Cryptography
ISO 27001:2022 A.12.4 - Logging
🟣 PCI DSS v4.0.1
PCI DSS 2.1 - Default credentials and security parameters
PCI DSS 3.4 - Encryption of cardholder data
PCI DSS 8.2 - User identification and authentication
PCI DSS 10.2 - Logging and monitoring
🔗 References & Sources 1
📦 Affected Products / CPE 1 entries
milner:imagedirector_capture