Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5660

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5660
Last Modified 07 Mar 2011 10:01:06
Published 02 Nov 2007 12:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5660

Summary

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.

Vulnerable Systems

Application

  • Macrovision Flexnet Connect

  • Macrovision Installshield 2008

  • Macrovision Update Service 3.0

  • Macrovision Update Service 4.0

  • Macrovision Update Service 5.0

  • Macrovision Update Service 5.1.100 47363

  • Macrovision Update Service 6.0.100 60146


References

BID - 26280

CONFIRM - http://www.macrovision.com/promolanding/7660.htm

CONFIRM - http://support.installshield.com/kb/view.asp?articleid=Q113602

CONFIRM - http://support.installshield.com/kb/view.asp?articleid=Q113020

SECUNIA - 27475

VUPEN - ADV-2007-3670

OSVDB - 38347

IDEFENSE - 20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability

XF - macrovision-isusweb-code-execution(38210)

SECTRACK - 1018881


Last Updated: 27 May 2016 10:46:14