Lucene search
SAINT CorporationSAINT:9A2CFF338A197664DACA97C989D280E8HistoryDec 07, 2007 - 12:00 a.m.
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-0700:00:00
SAINT Corporation
www.saintcorporation.com
9
0.963 High
EPSS
Percentile
99.4%
Added: 12/07/2007
CVE: CVE-2007-5660
BID: 26280
OSVDB: 38347
Background
MacroVision InstallShield is software for creating installers or software packages.
Problem
Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page.
Resolution
Apply the patch referenced in Macrovision knowledge base article Q113020.
References
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618>
Limitations
Exploit works on MacroVision InstallShield 2008 and requires a user to open the exploit page in Internet Explorer.
Platforms
Windows
Related
seebug
seebug
Macrovision InstallShield升级服务ActiveX控件不安全方式漏洞
2007-11-02 00:00:00
cve
cve
CVE-2007-5660
2007-11-02 16:46:00
CVE-2007-6654
2008-01-04 11:46:00
canvas
canvas
Immunity Canvas: INSTALLSHIELD
2007-11-02 16:46:00
securityvulns
securityvulns
checkpoint_advisories
checkpoint_advisories
saint
saint
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-07 00:00:00
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-07 00:00:00
MacroVision InstallShield Update Service isusweb.dll unsafe method
2007-12-07 00:00:00
packetstorm
packetstorm
Macrovision InstallShield Update Service ActiveX Unsafe Method
2009-11-26 00:00:00
Macrovision InstallShield Update Service Buffer Overflow
2009-11-26 00:00:00
prion
prion
Buffer overflow
2007-11-02 16:46:00
Buffer overflow
2008-01-04 11:46:00
nessus
nessus