MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

ID: SAINT:C5A816791E0E4F944F49479F42D46CBF
Source: SAINT Corporation (download.saintcorporation.com)
Date: 2008-01-04

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.744
Percentile: 98.2%

Added: 01/04/2008
CVE: CVE-2007-6654
BID: 27013
OSVDB: 39980

Background

MacroVision InstallShield is software for creating installers or software packages.

Problem

A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

Apply the patch, which marks the object as unsafe for scripting.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.html>

Limitations

Exploit works on Macrovision InstallShield 2008 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
