Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5661

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5661
Last Modified 07 Mar 2011 10:01:06
Published 03 Apr 2008 08:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5661

Summary

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

Vulnerable Systems

Application

  • Macrovision Installshield 12 Premier

  • Macrovision Installshield 12 Professional


References

BID - 28533

SECUNIA - 29549

CONFIRM - http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640

XF - installshield-oneclick-code-execution(41558)

VUPEN - ADV-2008-1049

SECTRACK - 1019735

IDEFENSE - 20080331 Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability


Last Updated: 27 May 2016 10:46:14