EUVD-2008-1104

Malware in sbrugna...

EUVD-2007-0323

Malware in sbrugna...

BlackBerry桌面管理器ActiveX控件远程代码执行漏洞

Bugraq ID: 36903 CVE ID：CVE-2009-0306 BlackBerry Desktop Manager是一款用于管理黑莓智能手机的桌面管理器。 BlackBerry桌面管理器默认包含使用的Lotus Notes Intellisync DLL存在安全问题，远程攻击者可以利用漏洞以登录用户进程权限执行任意指令。 攻击者可以诱使用户点击恶意WEB站点链接如嵌入在EMAIL消息，浏览器或即使消息中触发此漏洞。 Research In Motion Blackberry Desktop Manager 4.2.2 + Macrovision FLEXnet Connec...

SOL9243 - Acresso FLEXnet, Macrovision, InstallShield vulnerability VU#837092

Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Note: Acresso FLEXnet Connect was formerly known as Macrovision FLEXnet Connect, and as InstallShie...

Design/Logic Flaw

Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control isusweb.dll 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method...

CVE-2008-4586

Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control isusweb.dll 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method...

CVE-2008-4587

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control ISDM.exe 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this...

CVE-2008-4586

In CVE-2008-4586, the affected product is Macrovision FLEXnet Connect 6.1, specifically the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372). The issue is an insecure method vulnerability that allows remote attackers to force the download and execution of arbitrary file...

CVE-2008-4587

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control ISDM.exe 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this...

CVE-2008-4586

Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control isusweb.dll 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method...

CVE-2008-4587

CVE-2008-4587 describes an insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) of Macrovision FLEXnet Connect 6.1. An attacker could force the download and execution of arbitrary files via AddFile and RunScheduledJobs, wit...

CVE-2008-1093

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...

Design/Logic Flaw

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...

InstallShield Update Service Agent ActiveX control memory corruption

Overview The InstallShield Update Service ActiveX control contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service contains an ActiveX control called Update Service...

CVE-2008-1093

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules...

CVE-2008-1093

The CVE-2008-1093 issue affects Acresso/Macrovision/InstallShield Update Agent (FLEXnet Connect) where Rule Scripts retrieved from GetRules.asp are not authenticated or encrypted, allowing a remote attacker to inject arbitrary VBScript and execute code on a vulnerable system. The root cause is in...

InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts

Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...

InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUMMARY InstallShield Update Agent - Remote "Rule Script" Code Execution Vulnerability. OVERVIEW InstallShield Update Agent uses insecure methods of retrieving operational script code from unauthenticated, unverified external sources over HTTP...

Macrovision FLEXnet Connect ActiveX控件任意文件下载漏洞

BUGTRAQ ID: 27279 Macrovision FLEXnet Connect是一种应用软件的厂商为用户提供产品相关的更新及信息发布的工具。 FLEXnet Connect的ActiveX控件实现上存在漏洞，远程攻击者可能利用此漏洞下载任意文件到用户系统。 FLEXnet Connect所使用的DownloadManager控件： ISDM.exe version 6.1.100.61372 MVSNClientDownloadManager61Lib.DownloadManager FCED4482-7CCB-4E6F-86C9-DCB22B52843C...

[Full-disclosure] Macrovision FlexNet Connect DownloadManager Insecure Methods

Who: Macrovision What: Macrovision FlexNext Connect is a software package that allows ISV's to update their software products. It is generally used in conjunction with the InstallShield software deploymnet framework. FlexNet uses a number of ActiveX controls, some of which are marked safe for...