Lucene search
MitreCVE-2007-1009HistoryApr 19, 2007 - 10:19 a.m.
CVE-2007-1009
2007-04-1910:19:00
mitre
web.nvd.nist.gov
41
cve-2007-1009
installanywhere
enterprise
vulnerability
nvd
local users
unauthorized installation
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.1%
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
Affected configurations
Node
macrovisioninstallanywhereMatch8enterprise
ORmacrovisioninstallanywhereMatch8standard
| Vendor | Product | Version | CPE |
|---|---|---|---|
| macrovision | installanywhere | 8 | cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:* |
| macrovision | installanywhere | 8 | cpe:2.3:a:macrovision:installanywhere:8:*:standard:*:*:*:*:* |
Related
securityvulns
securityvulns
SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass
2007-04-20 00:00:00
Macrovision InstallAnywhere protection bypass
2007-04-20 00:00:00
prion
prion
Authorization
2007-04-19 10:19:00
cvelist
cvelist
CVE-2007-1009
2007-04-19 10:00:00
nvd
nvd
CVE-2007-1009
2007-04-19 10:19:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2007-1009