Lucene search

[email protected]CVE-2007-6744

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2007-6744

2022-10-0316:14:29

CWE-200

[email protected]

web.nvd.nist.gov

installshield

flexera

macrovision

password leakage

digital signature

vulnerability

nvd

cve-2007-6744

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe.

Affected configurations

NVD

Node

flexerasoftwareinstallshieldRange≤1.0

flexerasoftwareinstallshieldRange≤2.0

flexerasoftwareinstallshieldRange≤3.0

flexerasoftwareinstallshieldRange≤12

flexerasoftwareinstallshieldMatch10.5

flexerasoftwareinstallshieldMatch11

flexerasoftwareinstallshieldMatch11.5

CPENameOperatorVersion
flexerasoftware:installshieldflexerasoftware installshieldle1.0
flexerasoftware:installshieldflexerasoftware installshieldle2.0
flexerasoftware:installshieldflexerasoftware installshieldle3.0
flexerasoftware:installshieldflexerasoftware installshieldle12
flexerasoftware:installshieldflexerasoftware installshieldeq10.5
flexerasoftware:installshieldflexerasoftware installshieldeq11
flexerasoftware:installshieldflexerasoftware installshieldeq11.5

CPE	Name	Operator	Version
flexerasoftware:installshield	flexerasoftware installshield	le	1.0
flexerasoftware:installshield	flexerasoftware installshield	le	2.0
flexerasoftware:installshield	flexerasoftware installshield	le	3.0
flexerasoftware:installshield	flexerasoftware installshield	le	12
flexerasoftware:installshield	flexerasoftware installshield	eq	10.5
flexerasoftware:installshield	flexerasoftware installshield	eq	11
flexerasoftware:installshield	flexerasoftware installshield	eq	11.5

References

kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-6744

cvelist1 nvd1 prion1