CVE-2007-5661

2008-04-0400:44:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-5661

macrovision

installshield

installscript

activex

remote code execution

security vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

Affected configurations

NVD

Node

macrovisioninstallshieldRange≤12_premiersp1

macrovisioninstallshieldRange≤12_professionalsp1

CPENameOperatorVersion
macrovision:installshieldmacrovision installshieldle12_premier
macrovision:installshieldmacrovision installshieldle12_professional