SAINT Corporation
SAINT:C2D4EE72D1BA335A46F5E1199A942C2D
Jan 04, 2008 - 12:00 a.m.

MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

www.saintcorporation.com

EPSS: 0.744
Percentile: 98.2%

Added: 01/04/2008
CVE: CVE-2007-6654
BID: 27013
OSVDB: 39980

Background

MacroVision InstallShield is software for creating installers or software packages.

Problem

A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

Apply the patch, which marks the object as unsafe for scripting.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.html>

Limitations

Exploit works on Macrovision InstallShield 2008 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
