Lucene search
HistoryApr 19, 2007 - 10:19 a.m.
CVE-2007-1009
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.1%
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
Affected configurations
Node
macrovisioninstallanywhereMatch8enterprise
ORmacrovisioninstallanywhereMatch8standard
| Vendor | Product | Version | CPE |
|---|---|---|---|
| macrovision | installanywhere | 8 | cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:* |
| macrovision | installanywhere | 8 | cpe:2.3:a:macrovision:installanywhere:8:*:standard:*:*:*:*:* |
Related
cve
cve
CVE-2007-1009
2007-04-19 10:19:00
securityvulns
securityvulns
SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass
2007-04-20 00:00:00
Macrovision InstallAnywhere protection bypass
2007-04-20 00:00:00
prion
prion
Authorization
2007-04-19 10:19:00
cvelist
cvelist
CVE-2007-1009
2007-04-19 10:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2007-1009