SAINT Corporation
SAINT:C5A816791E0E4F944F49479F42D46CBF
Jan 04, 2008 - 12:00 a.m.

MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

2008-01-04 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.748 High
Percentile: 98.1%

Added: 01/04/2008
CVE: CVE-2007-6654
BID: 27013
OSVDB: 39980

Background

MacroVision InstallShield is software for creating installers or software packages.

Problem

A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

Apply the patch, which marks the object as unsafe for scripting.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.html>

Limitations

Exploit works on Macrovision InstallShield 2008 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
