CVE-2007-2419 - Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and

CVE-2007-2419

Summary

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

References

Vulnerable Configurations

cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20070605 TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability
confirm	http://support.installshield.com/kb/view.asp?articleid=Q113020
misc	http://dvlabs.tippingpoint.com/advisory/TPTI-07-09
osvdb	36983
sectrack	1018195
secunia	25509
vupen	ADV-2007-2070
xf	macrovision-boisweb-bo(34721)

Last major update

16-10-2018 - 16:43

Published

06-06-2007 - 10:30

Last modified

16-10-2018 - 16:43