CVE-2007-6744

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42
http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield:10.5:::::::*
	cpe:2.3:a:flexerasoftware:installshield:11:::::::*
	cpe:2.3:a:flexerasoftware:installshield:11.5:::::::*

History

21 Nov 2024, 00:40

Type	Values Removed	Values Added
References	() http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42 -	() http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42 -

Information

Published : 2012-01-19 19:55

Updated : 2024-11-21 00:40

NVD link : CVE-2007-6744

Mitre link : CVE-2007-6744

CVE.ORG link : CVE-2007-6744

JSON object : View

Products Affected

flexerasoftware

installshield

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2007-6744", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-01-19T19:55:00.927", "references": [{"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42", "source": "cve@mitre.org"}, {"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe."}, {"lang": "es", "value": "Macrovision InstallShield Flexera antes de v2008 env\u00eda una contrase\u00f1a de firma digital a una aplicaci\u00f3n no deseada durante determinadas operaciones en las que participan ficheros .spc y .pvk, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados. Se trata de un problema relacionado con una interacci\u00f3n incorrecta entre InstallShield y Signcode.exe."}], "lastModified": "2024-11-21T00:40:54.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8566174D-59AF-4C0E-8E35-108A9EFB0CA3", "versionEndIncluding": "1.0"}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "536BAE00-FD82-4C61-968D-E519BEC218E3", "versionEndIncluding": "2.0"}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4C3AD63-0900-4E4C-8168-7EA6EF531120", "versionEndIncluding": "3.0"}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98FE9015-2B87-4FD8-B47A-0B76EF004DCC", "versionEndIncluding": "12"}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B50640A-BEB4-4ADB-B6D8-E3E6B479E944"}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D22D8E16-662D-4F38-BB02-022B8E9D9969"}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB19FC75-3FE9-4EC7-8DDB-0E2DC1ACB944"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}