CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
95.3%
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
Vendor | Product | Version | CPE |
---|---|---|---|
macrovision | flexnet_connect | 6.0 | cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:* |
macrovision | update_service | 3.0 | cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:* |
macrovision | update_service | 4.0 | cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:* |
macrovision | update_service | 5.0 | cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:* |
dvlabs.tippingpoint.com/advisory/TPTI-07-09
osvdb.org/36983
secunia.com/advisories/25509
support.installshield.com/kb/view.asp?articleid=Q113020
www.securityfocus.com/archive/1/470585/100/0/threaded
www.securitytracker.com/id?1018195
www.vupen.com/english/advisories/2007/2070
exchange.xforce.ibmcloud.com/vulnerabilities/34721