ID CVE-2007-5660
Summary Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*
  • cpe:2.3:a:macrovision:installshield_2008:*:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:installshield_2008:*:*:*:*:*:*:*:*
  • cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macrovision:update_service:5.1.100_47363:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:update_service:5.1.100_47363:*:*:*:*:*:*:*
  • cpe:2.3:a:macrovision:update_service:6.0.100_60146:*:*:*:*:*:*:*
    cpe:2.3:a:macrovision:update_service:6.0.100_60146:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 29-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 26280
confirm
idefense 20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability
osvdb 38347
sectrack 1018881
secunia 27475
vupen ADV-2007-3670
xf macrovision-isusweb-code-execution(38210)
saint via4
bid 26280
description MacroVision InstallShield Update Service isusweb.dll unsafe method
id misc_installshieldusax
osvdb 38347
title installshield_update_isusweb
type client
Last major update 29-07-2017 - 01:33
Published 02-11-2007 - 16:46
Last modified 29-07-2017 - 01:33
Back to Top