Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:3322102E04EE0FCAF77C24A58E67F2AA
HistoryDec 07, 2007 - 12:00 a.m.

MacroVision InstallShield Update Service isusweb.dll unsafe method

2007-12-0700:00:00
SAINT Corporation
download.saintcorporation.com
12

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.5%

JSON

Added: 12/07/2007
CVE: CVE-2007-5660
BID: 26280
OSVDB: 38347

Background

MacroVision InstallShield is software for creating installers or software packages.

Problem

Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page.

Resolution

Apply the patch referenced in Macrovision knowledge base article Q113020.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618&gt;

Limitations

Exploit works on MacroVision InstallShield 2008 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows

Related

saint 3
seebug 1
cve 2
canvas 1
securityvulns 2
checkpoint_advisories 1
packetstorm 2
prion 2
nessus 1
saint
saint
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-07 00:00:00
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-07 00:00:00
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-07 00:00:00
seebug
seebug
Macrovision InstallShield升级服务ActiveX控件不安全方式漏洞
2007-11-02 00:00:00
cve
cve
CVE-2007-5660
2007-11-02 16:46:00
CVE-2007-6654
2008-01-04 11:46:00
canvas
canvas
Immunity Canvas: INSTALLSHIELD
2007-11-02 16:46:00
securityvulns
securityvulns
iDefense Security Advisory 10.31.07: Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability
2007-11-02 00:00:00
Macrovision InstallShield ActiveX code execution
2007-12-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Macrovision InstallShield Update Service ActiveX Control Code Execution (CVE-2007-5660)
2008-01-17 00:00:00
packetstorm
packetstorm
Macrovision InstallShield Update Service ActiveX Unsafe Method
2009-11-26 00:00:00
Macrovision InstallShield Update Service Buffer Overflow
2009-11-26 00:00:00
prion
prion
Buffer overflow
2007-11-02 16:46:00
Buffer overflow
2008-01-04 11:46:00
nessus
nessus
FLEXnet Connect Update Service ActiveX Control Multiple Code Execution Vulnerabilities
2007-11-01 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:3322102E04EE0FCAF77C24A58E67F2AA
saint3seebug1cve2canvas1securityvulns2checkpoint_advisories1packetstorm2prion2nessus1