Added: 12/07/2007
CVE: CVE-2007-5660
BID: 26280
OSVDB: 38347
MacroVision InstallShield is software for creating installers or software packages.
Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page.
Apply the patch referenced in Macrovision knowledge base article Q113020.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618>
Exploit works on MacroVision InstallShield 2008 and requires a user to open the exploit page in Internet Explorer.
Windows