CVE-2007-0321 - Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet C

CVE-2007-0321

Summary

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.

References

http://osvdb.org/33532
http://secunia.com/advisories/24270
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://www.kb.cert.org/vuls/id/847993
http://www.kb.cert.org/vuls/id/MAPG-6UERNR
http://www.vupen.com/english/advisories/2007/0706
https://exchange.xforce.ibmcloud.com/vulnerabilities/32678

Vulnerable Configurations

cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

cert-vn	VU#847993
confirm	http://support.installshield.com/kb/view.asp?articleid=Q113020 http://www.kb.cert.org/vuls/id/MAPG-6UERNR
osvdb	33532
secunia	24270
vupen	ADV-2007-0706
xf	macrovision-updateservice-activex-bo(32678)

Last major update

29-07-2017 - 01:30

Published

23-02-2007 - 03:28

Last modified

29-07-2017 - 01:30