Vulnerabilites related to macrovision - flexnet_connect
CVE-2007-2419 (GCVE-0-2007-2419)
Vulnerability from cvelistv5
Published
2007-06-06 10:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.installshield.com/kb/view.asp?articleid=Q113020 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34721 | vdb-entry, x_refsource_XF | |
| http://dvlabs.tippingpoint.com/advisory/TPTI-07-09 | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/2070 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/36983 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/25509 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/470585/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1018195 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "macrovision-boisweb-bo(34721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"
},
{
"name": "ADV-2007-2070",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2070"
},
{
"name": "36983",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36983"
},
{
"name": "25509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25509"
},
{
"name": "20070605 TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"
},
{
"name": "1018195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "macrovision-boisweb-bo(34721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"
},
{
"name": "ADV-2007-2070",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2070"
},
{
"name": "36983",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36983"
},
{
"name": "25509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25509"
},
{
"name": "20070605 TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"
},
{
"name": "1018195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020",
"refsource": "CONFIRM",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "macrovision-boisweb-bo(34721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"
},
{
"name": "ADV-2007-2070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2070"
},
{
"name": "36983",
"refsource": "OSVDB",
"url": "http://osvdb.org/36983"
},
{
"name": "25509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25509"
},
{
"name": "20070605 TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"
},
{
"name": "1018195",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2419",
"datePublished": "2007-06-06T10:00:00",
"dateReserved": "2007-05-01T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0328 (GCVE-0-2007-0328)
Vulnerability from cvelistv5
Published
2007-06-01 00:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/36896 | vdb-entry, x_refsource_OSVDB | |
| http://support.installshield.com/kb/view.asp?articleid=Q113020 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32842 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/2017 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/25501 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/3278 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/524681 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34660 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36896",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "32842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"
},
{
"name": "ADV-2007-2017",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2017"
},
{
"name": "25501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25501"
},
{
"name": "ADV-2008-3278",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3278"
},
{
"name": "VU#524681",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/524681"
},
{
"name": "macrovision-dwupdate-command-execution(34660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "36896",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "32842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"
},
{
"name": "ADV-2007-2017",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2017"
},
{
"name": "25501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25501"
},
{
"name": "ADV-2008-3278",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3278"
},
{
"name": "VU#524681",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/524681"
},
{
"name": "macrovision-dwupdate-command-execution(34660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-0328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36896",
"refsource": "OSVDB",
"url": "http://osvdb.org/36896"
},
{
"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020",
"refsource": "CONFIRM",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "32842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32842"
},
{
"name": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"
},
{
"name": "ADV-2007-2017",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2017"
},
{
"name": "25501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25501"
},
{
"name": "ADV-2008-3278",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3278"
},
{
"name": "VU#524681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/524681"
},
{
"name": "macrovision-dwupdate-command-execution(34660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-0328",
"datePublished": "2007-06-01T00:00:00",
"dateReserved": "2007-01-17T00:00:00",
"dateUpdated": "2024-08-07T12:12:18.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0321 (GCVE-0-2007-0321)
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/MAPG-6UERNR | x_refsource_CONFIRM | |
| http://support.installshield.com/kb/view.asp?articleid=Q113020 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32678 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/33532 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/24270 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/847993 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.vupen.com/english/advisories/2007/0706 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "macrovision-updateservice-activex-bo(32678)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678"
},
{
"name": "33532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33532"
},
{
"name": "24270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24270"
},
{
"name": "VU#847993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/847993"
},
{
"name": "ADV-2007-0706",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "macrovision-updateservice-activex-bo(32678)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678"
},
{
"name": "33532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33532"
},
{
"name": "24270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24270"
},
{
"name": "VU#847993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/847993"
},
{
"name": "ADV-2007-0706",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-0321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR"
},
{
"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020",
"refsource": "CONFIRM",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "macrovision-updateservice-activex-bo(32678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678"
},
{
"name": "33532",
"refsource": "OSVDB",
"url": "http://osvdb.org/33532"
},
{
"name": "24270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24270"
},
{
"name": "VU#847993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/847993"
},
{
"name": "ADV-2007-0706",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-0321",
"datePublished": "2007-02-23T01:00:00",
"dateReserved": "2007-01-17T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2470 (GCVE-0-2008-2470)
Vulnerability from cvelistv5
Published
2008-09-18 18:00
Modified
2024-08-07 09:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/630017 | third-party-advisory, x_refsource_CERT-VN | |
| http://support.installshield.com/kb/view.asp?articleid=Q113020 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2625 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/31235 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45248 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:28.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#630017",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/630017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "ADV-2008-2625",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2625"
},
{
"name": "31235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31235"
},
{
"name": "installshield-updateservice-bo(45248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#630017",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/630017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "ADV-2008-2625",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2625"
},
{
"name": "31235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31235"
},
{
"name": "installshield-updateservice-bo(45248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-2470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#630017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/630017"
},
{
"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020",
"refsource": "CONFIRM",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "ADV-2008-2625",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2625"
},
{
"name": "31235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31235"
},
{
"name": "installshield-updateservice-bo(45248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-2470",
"datePublished": "2008-09-18T18:00:00",
"dateReserved": "2008-05-28T00:00:00",
"dateUpdated": "2024-08-07T09:05:28.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5660 (GCVE-0-2007-5660)
Vulnerability from cvelistv5
Published
2007-11-02 16:00
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.installshield.com/kb/view.asp?articleid=Q113020 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/27475 | third-party-advisory, x_refsource_SECUNIA | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618 | third-party-advisory, x_refsource_IDEFENSE | |
| http://osvdb.org/38347 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/3670 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1018881 | vdb-entry, x_refsource_SECTRACK | |
| http://www.macrovision.com/promolanding/7660.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/26280 | vdb-entry, x_refsource_BID | |
| http://support.installshield.com/kb/view.asp?articleid=Q113602 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38210 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "27475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27475"
},
{
"name": "20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"
},
{
"name": "38347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38347"
},
{
"name": "ADV-2007-3670",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3670"
},
{
"name": "1018881",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macrovision.com/promolanding/7660.htm"
},
{
"name": "26280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26280"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"
},
{
"name": "macrovision-isusweb-code-execution(38210)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified \"unsafe method,\" possibly involving a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "27475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27475"
},
{
"name": "20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"
},
{
"name": "38347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38347"
},
{
"name": "ADV-2007-3670",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3670"
},
{
"name": "1018881",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macrovision.com/promolanding/7660.htm"
},
{
"name": "26280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26280"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"
},
{
"name": "macrovision-isusweb-code-execution(38210)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified \"unsafe method,\" possibly involving a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020",
"refsource": "CONFIRM",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"name": "27475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27475"
},
{
"name": "20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"
},
{
"name": "38347",
"refsource": "OSVDB",
"url": "http://osvdb.org/38347"
},
{
"name": "ADV-2007-3670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3670"
},
{
"name": "1018881",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018881"
},
{
"name": "http://www.macrovision.com/promolanding/7660.htm",
"refsource": "CONFIRM",
"url": "http://www.macrovision.com/promolanding/7660.htm"
},
{
"name": "26280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26280"
},
{
"name": "http://support.installshield.com/kb/view.asp?articleid=Q113602",
"refsource": "CONFIRM",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"
},
{
"name": "macrovision-isusweb-code-execution(38210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5660",
"datePublished": "2007-11-02T16:00:00",
"dateReserved": "2007-10-23T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-06-06 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macrovision | flexnet_connect | 6.0 | |
| macrovision | update_service | 3.0 | |
| macrovision | update_service | 4.0 | |
| macrovision | update_service | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."
},
{
"lang": "es",
"value": "M\u00faltiples desordamientos de b\u00fafer en un control ActiveX (boisweb.dll) en Macrovision FLEXnet Connect 6.0 y Update Service 3.x hasta 5.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) el segudo par\u00e1metro del m\u00e9todo DownloadAndExecute y (2) el tercer par\u00e1metro del m\u00e9todo AddFileEx, una vulnerabilidad diferente de CVE-2007-0328."
}
],
"id": "CVE-2007-2419",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-06T10:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36983"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25509"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018195"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2070"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-02 16:46
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macrovision | flexnet_connect | * | |
| macrovision | installshield_2008 | * | |
| macrovision | update_service | 3.0 | |
| macrovision | update_service | 4.0 | |
| macrovision | update_service | 5.0 | |
| macrovision | update_service | 5.1.100_47363 | |
| macrovision | update_service | 6.0.100_60146 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB47236-7B96-4009-822B-C3A1AFCB3434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:installshield_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB1849E-A0FA-478A-B5CA-D515775A3D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:5.1.100_47363:*:*:*:*:*:*:*",
"matchCriteriaId": "C231476E-2C4B-49CF-A322-5BC972CF8107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:6.0.100_60146:*:*:*:*:*:*:*",
"matchCriteriaId": "06BF3AF2-9326-4856-820B-6788D09F05BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified \"unsafe method,\" possibly involving a buffer overflow."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el control de ActiveX Update Service en el isusweb.dll anterior al 6.0.100.65101 en el MacroVision FLEXnet Connect y InstallShield 2008 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de \"un m\u00e9todo inseguro\" sin especificar y, posiblemente, involucrando un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2007-5660",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-11-02T16:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38347"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27475"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macrovision.com/promolanding/7660.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26280"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018881"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3670"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macrovision.com/promolanding/7660.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-18 18:00
Modified
2025-04-09 00:30
Severity ?
Summary
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macrovision | flexnet_connect | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response."
},
{
"lang": "es",
"value": "El control ActiveX InstallShield Update Service Agent en isusweb.dll que permite a los atacantes remotos causar una denegaci\u00f3n de servicios (corrupci\u00f3n de memoria y ca\u00edda del navegador) y posiblemente ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de una llamada a ExecuteRemote con una URL que resulta de una respuesta de error 404."
}
],
"id": "CVE-2008-2470",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-18T18:00:00.360",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630017"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31235"
},
{
"source": "cret@cert.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2625"
},
{
"source": "cret@cert.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45248"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macrovision | flexnet_connect | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB47236-7B96-4009-822B-C3A1AFCB3434",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX Update Service Agent en isusweb.dll para Macrovision FLEXnet Connect (antiguamente InstallShield Update Service) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante el m\u00e9todo Download."
}
],
"id": "CVE-2007-0321",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-23T03:28:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://osvdb.org/33532"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/24270"
},
{
"source": "cret@cert.org",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/847993"
},
{
"source": "cret@cert.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/0706"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/847993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-01 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macrovision | flexnet_connect | 6.0 | |
| macrovision | update_service | 3.0 | |
| macrovision | update_service | 4.0 | |
| macrovision | update_service | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method."
},
{
"lang": "es",
"value": "El control ActiveX DWUpdateService en el agente (agent.exe) en Macrovision FLEXnet Connect versi\u00f3n 6.0 y Update Service versiones 3.x hasta 5.x, permite a atacantes remotos ejecutar comandos arbitrarios por medio de (1) el m\u00e9todo Execute y obtener el estado de salida usando (2) el m\u00e9todo GetExitCode."
}
],
"id": "CVE-2007-0328",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-01T00:30:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://osvdb.org/36896"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25501"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32842"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "cret@cert.org",
"url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/524681"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2017"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3278"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/524681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}