CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
Vendor | Product | Version | CPE |
---|---|---|---|
macrovision | installanywhere | 8 | cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:* |
macrovision | installanywhere | 8 | cpe:2.3:a:macrovision:installanywhere:8:*:standard:*:*:*:*:* |