200 matches found
CVE-2008-2470
CVE-2008-2470 : The InstallShield Update Service Agent ActiveX control in isusweb.dll has a memory corruption vulnerability triggered by ExecuteRemote() with a URL returning 404. This can allow remote, unauthenticated attackers to execute arbitrary code or crash the browser. The issue affects the...
Memory corruption
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service memory corruption and browser crash and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response...
CVE-2008-2470
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service memory corruption and browser crash and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response...
CVE-2008-2470
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service memory corruption and browser crash and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response...
CVE-2008-1093
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...
Design/Logic Flaw
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...
InstallShield Update Service Agent ActiveX control memory corruption
Overview The InstallShield Update Service ActiveX control contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service contains an ActiveX control called Update Service...
CVE-2008-1093
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...
CVE-2008-1093
The CVE-2008-1093 issue affects Acresso/Macrovision/InstallShield Update Agent (FLEXnet Connect) where Rule Scripts retrieved from GetRules.asp are not authenticated or encrypted, allowing a remote attacker to inject arbitrary VBScript and execute code on a vulnerable system. The root cause is in...
InstallShield Update Services server spoofing
Server's identity is not checked during update rules download...
InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUMMARY InstallShield Update Agent - Remote "Rule Script" Code Execution Vulnerability. OVERVIEW InstallShield Update Agent uses insecure methods of retrieving operational script code from unauthenticated, unverified external sources over HTTP...
InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts
Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...
Code injection
The Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...
CVE-2007-5661
The Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...
CVE-2007-5661
The CVE-2007-5661 issue affects Macrovision InstallShield InstallScript One-Click Install ActiveX control (12.0 before SP2). The OCI ActiveX loads DLLs from remote sites without validating the libraries, enabling remote code execution with the user’s privileges when a user visits a crafted web pa...
CVE-2007-5661
The Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...
PT-2008-1509 · Macrovision · Installshield Installscript One-Click Install (Oci) Activex Control
Name of the Vulnerable Software and Affected Versions: Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control version 12.0 before SP2 Description: The issue concerns the failure of the Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control to validate...
Macrovision InstallShield InstallScript OCI控件不可信任库代码执行漏洞
BUGTRAQ ID: 28533 CVECAN ID: CVE-2007-5661 MacroVision InstallShield是很多软件厂商都在使用的安装程序解决方案。 InstallShield所安装的InstallScript One-Click Install ActiveX控件加载了不可信任的函数库,可能允许远程攻击者以当前登录用户的权限执行任意命令。 InstallShield InstallScript One-Click Install控件的属性如下: 文件:%WINDIR%\Downloaded Program Files\setup.exe...
Macrovision InstallShield InstallScript One-Click Install ActiveX code exectuion
Control allows to download and execute dynamic library from remote site...
iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability
iDefense Security Advisory 03.31.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 31, 2008 I. BACKGROUND Macrovision InstallShield InstallScript One-Click Install OCI is a web based installer technology that allows software publishers to distribute minimal installer packages which...