CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%
Added: 01/04/2008
CVE: CVE-2007-6654
BID: 27013
OSVDB: 39980
MacroVision InstallShield is software for creating installers or software packages.
A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads a specially crafted web page.
Apply the patch, which marks the object as unsafe for scripting.
<http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.html>
Exploit works on Macrovision InstallShield 2008 and requires a user to load the exploit page in Internet Explorer.
Windows