CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 12/07/2007
CVE: CVE-2007-5660
BID: 26280
OSVDB: 38347
MacroVision InstallShield is software for creating installers or software packages.
Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page.
Apply the patch referenced in Macrovision knowledge base article Q113020.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618>
Exploit works on MacroVision InstallShield 2008 and requires a user to open the exploit page in Internet Explorer.
Windows