EUVD-2007-6619

Malware in sbrugna...

Design/Logic Flaw

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interacti...

Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)

$Id: macrovisionunsafe.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Macrovision Installshield Update Service - Remote Buffer Overflow (Metasploit)

$Id: macrovisiondownloadandexecute.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow (CVE-2007-6654)

Macrovision InstallShield line of products provides solution to software publishers and developers for electronically packaging, distributing, and updating their applications. More specifically, InstallShield is a software tool for creating installers or software packages. A buffer overflow...

Macrovision InstallShield Update Service ActiveX Unsafe Method

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Macrovision...

Macrovision InstallShield Update Service Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Macrovision...

Macrovision InstallShield Update Service ActiveX Unsafe Method

This module allows attackers to execute code via an unsafe method in Macrovision InstallShield 2008. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Macrovision InstallShield Update Service...

Macrovision InstallShield Update Service Agent ActiveX Memory Corruption (CVE-2008-2470)

Macrovision InstallShield is a software tool for creating installers or software packages. A memory corruption vulnerability has been reported in Macrovision InstallShield Update Service. The vulnerability is due to a design error in the Macrovision InstallShield Update Service while processing...

CVE-2007-5661

The Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...

PT-2008-1509 · Macrovision · Installshield Installscript One-Click Install (Oci) Activex Control

Name of the Vulnerable Software and Affected Versions: Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control version 12.0 before SP2 Description: The issue concerns the failure of the Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control to validate...

Macrovision InstallShield InstallScript OCI控件不可信任库代码执行漏洞

BUGTRAQ ID: 28533 CVECAN ID: CVE-2007-5661 MacroVision InstallShield是很多软件厂商都在使用的安装程序解决方案。 InstallShield所安装的InstallScript One-Click Install ActiveX控件加载了不可信任的函数库，可能允许远程攻击者以当前登录用户的权限执行任意命令。 InstallShield InstallScript One-Click Install控件的属性如下： 文件：%WINDIR%\Downloaded Program Files\setup.exe...

iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability

iDefense Security Advisory 03.31.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 31, 2008 I. BACKGROUND Macrovision InstallShield InstallScript One-Click Install OCI is a web based installer technology that allows software publishers to distribute minimal installer packages which...

Macrovision InstallShield InstallScript One-Click Install ActiveX code exectuion

Control allows to download and execute dynamic library from remote site...

Macrovision InstallShield Update Service ActiveX Control Code Execution (CVE-2007-5660)

Macrovision InstallShield is a software tool for creating installers or software packages. This vulnerability is due to errors in the Macrovision InstallShield Update Service ActiveX Control when handling webpage scripts. To trigger this issue, an attacker may create a malicious web page that wil...

Macrovision Installshield isusweb.dll SEH Overwrite Exploit

No description provided by source. !-- written by e.b. Macrovision Installshield isusweb.dll SEH Overwrite Exploit Tested on Windows XP SP2fully patched English, IE6, isusweb.dll version 5.1.100.47363 Thanks to h.d.m. and the Metasploit crew -- html head...

Buffer overflow

Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument second argument to the DownloadAndExecute method, a different vulnerability than...

CVE-2007-6654

CVE-2007-6654 is a buffer overflow in Macrovision InstallShield Update Service Web Agent 5.1.100.47363, affecting its ActiveX control. A remote attacker can execute arbitrary code by passing a long ProductCode string as the second argument to the DownloadAndExecute method. This entry is distinct ...

MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

Added: 01/04/2008 CVE: CVE-2007-6654 BID: 27013 OSVDB: 39980 Background MacroVision InstallShield is software for creating installers or software packages. Problem A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads...

MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

Added: 01/04/2008 CVE: CVE-2007-6654 BID: 27013 OSVDB: 39980 Background MacroVision InstallShield is software for creating installers or software packages. Problem A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads...