EUVD-2008-1104

Malware in sbrugna...

K9243: Acresso FLEXnet, Macrovision, InstallShield vulnerability VU#837092

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

SOL9243 - Acresso FLEXnet, Macrovision, InstallShield vulnerability VU#837092

Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Note: Acresso FLEXnet Connect was formerly known as Macrovision FLEXnet Connect, and as InstallShie...

CVE-2008-1093

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...

Design/Logic Flaw

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...

CVE-2008-1093

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...

CVE-2008-1093

The CVE-2008-1093 issue affects Acresso/Macrovision/InstallShield Update Agent (FLEXnet Connect) where Rule Scripts retrieved from GetRules.asp are not authenticated or encrypted, allowing a remote attacker to inject arbitrary VBScript and execute code on a vulnerable system. The root cause is in...

InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts

Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...

Macrovision FLEXnet Connect / InstallShield Update Service Agent ActiveX buffer overflows

Overview The Macrovision / InstallShield Update Service Web Agent ActiveX control contains buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service, now known as Macrovision FLEXnet Connect, contains an ActiveX...