Added: 01/04/2008
CVE: CVE-2007-6654
BID: 27013
OSVDB: 39980
MacroVision InstallShield is software for creating installers or software packages.
A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads a specially crafted web page.
Apply the patch, which marks the object as unsafe for scripting.
<http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.html>
Exploit works on Macrovision InstallShield 2008 and requires a user to load the exploit page in Internet Explorer.
Windows