CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.1%
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
Vendor | Product | Version | CPE |
---|---|---|---|
macrovision | flexnet_connect | 6.0 | cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:* |
macrovision | update_service | 3.0 | cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:* |
macrovision | update_service | 4.0 | cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:* |
macrovision | update_service | 5.0 | cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:* |
osvdb.org/36896
secunia.com/advisories/25501
secunia.com/advisories/32842
support.installshield.com/kb/view.asp?articleid=Q113020
www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
www.kb.cert.org/vuls/id/524681
www.vupen.com/english/advisories/2007/2017
www.vupen.com/english/advisories/2008/3278
exchange.xforce.ibmcloud.com/vulnerabilities/34660