CVE-2007-0328 - The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and

CVE-2007-0328

Summary

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

References

Vulnerable Configurations

cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

cert-vn	VU#524681
confirm	http://support.installshield.com/kb/view.asp?articleid=Q113020 http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
osvdb	36896
secunia	25501 32842
vupen	ADV-2007-2017 ADV-2008-3278
xf	macrovision-dwupdate-command-execution(34660)

Last major update

29-07-2017 - 01:30

Published

01-06-2007 - 00:30

Last modified

29-07-2017 - 01:30