6.7 Medium
AI Score
Confidence
High
0.043 Low
EPSS
Percentile
92.2%
The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.