CVE-2007-1009 - Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration fil

CVE-2007-1009

Summary

Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.

References

Vulnerable Configurations

cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:*
cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:*
cpe:2.3:a:macrovision:installanywhere:8:*:standard:*:*:*:*:*
cpe:2.3:a:macrovision:installanywhere:8:*:standard:*:*:*:*:*

CVSS

Base:	4.6 (as of 16-10-2018 - 16:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22643
bugtraq	20070416 SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass
misc	http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt
sreason	2596
vupen	ADV-2007-1433

Last major update

16-10-2018 - 16:36

Published

19-04-2007 - 10:19

Last modified

16-10-2018 - 16:36