CVE-2007-5661

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5661
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640 Patch
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
http://secunia.com/advisories/29549 Patch Vendor Advisory
http://securitytracker.com/id?1019735
http://www.securityfocus.com/bid/28533 Patch
http://www.vupen.com/english/advisories/2008/1049
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:macrovision:installshield:*:sp1:*:*:*:*:*:*
cpe:2.3:a:macrovision:installshield:*:sp1:*:*:*:*:*:*
History

No history.

Information

Published : 2008-04-04 00:44

Updated : 2024-02-28 11:21

NVD link : CVE-2007-5661

Mitre link : CVE-2007-5661

CVE.ORG link : CVE-2007-5661

JSON object : View

Products Affected

macrovision

  • installshield
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')