CVE-2008-2470
https://notcve.org/view.php?id=CVE-2008-2470
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.
• http://support.installshield.com/kb/view.asp?articleid=Q113020
• http://www.kb.cert.org/vuls/id/630017
• http://www.securityfocus.com/bid/31235
• http://www.vupen.com/english/advisories/2008/2625
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45248
CVE-2007-5661
https://notcve.org/view.php?id=CVE-2007-5661
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
• http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
• http://secunia.com/advisories/29549
• http://securitytracker.com/id?1019735
• http://www.securityfocus.com/bid/28533
• http://www.vupen.com/english/advisories/2008/1049
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-6654 – Macrovision Installshield - 'isusweb.dll' Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2007-6654
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
• https://www.exploit-db.com/exploits/4819
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059288.html
• http://osvdb.org/39980
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39204
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5660 – Macrovision Installshield Update Service - ActiveX Unsafe Method
https://notcve.org/view.php?id=CVE-2007-5660
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
• https://www.exploit-db.com/exploits/16602
• https://www.exploit-db.com/exploits/16573
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618
• http://osvdb.org/38347
• http://secunia.com/advisories/27475
• http://support.installshield.com/kb/view.asp?articleid=Q113020
• http://support.installshield.com/kb/view.asp?articleid=Q113602
• http://www.macrovision.com/promolanding/7660.htm
• http://www.securityfocus.com/bid/26280
• http://www.securitytracker.com/id?1018881
• http://www.
CVE-2007-5587 – Macrovision SafeDisc - 'SecDRV.SYS' Method_Neither Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5587
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2, allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
• https://www.exploit-db.com/exploits/30680
• http://blog.48bits.com/?p=172
• http://osvdb.org/41429
• http://secunia.com/advisories/27285
• http://securityreason.com/securityalert/3266
• http://www.microsoft.com/technet/security/advisory/944653.mspx
• http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15
• http://www.securityfocus.com/archive/1/482474/100/0/threaded
• http://www.securityfocus.com/archive/1/482482/100/0/threaded
• http:/&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-264: Permissions, Privileges, and Access Controls