Lucene search

[email protected]CVE-2008-4587

HistoryOct 15, 2008 - 10:45 p.m.

CVE-2008-4587

2008-10-1522:45:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2008-4587

insecure method vulnerability

msvnclientdownloadmanager61lib

downloadmanager

activex control

macrovision flexnet connect 6.1

code execution

remote attackers

arbitrary files

startup folders

nvd

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.086 Low

EPSS

Percentile

94.4%

JSON

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.

CPENameOperatorVersion
acresso:flexnet_connectacresso flexnet connecteq6.1

CPE	Name	Operator	Version
acresso:flexnet_connect	acresso flexnet connect	eq	6.1

References

secunia.com/advisories/28496

securityreason.com/securityalert/4428

www.securityfocus.com/bid/27279

www.vupen.com/english/advisories/2008/0145

exchange.xforce.ibmcloud.com/vulnerabilities/39653

www.exploit-db.com/exploits/4909

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.086 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2008-4587

cvelist1 prion1