CVE-2007-5661
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
El control ActiveX Macrovision InstallShield InstallScript One-Click Install (OCI) 12.0 versiones anteriores SP2 no valida los ficheros DLL que se consideran como parámetros del control, lo cual permite a atacantes remotos descargar código de librerías de su elección de la máquina cliente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-23 CVE Reserved
- 2008-04-01 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649 | Third Party Advisory | |
| http://securitytracker.com/id?1019735 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1049 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41558 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640 | 2017-07-29 | |
| http://secunia.com/advisories/29549 | 2017-07-29 | |
| http://www.securityfocus.com/bid/28533 | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Macrovision Search vendor "Macrovision" | Installshield Search vendor "Macrovision" for product "Installshield" | <= 12_premier Search vendor "Macrovision" for product "Installshield" and version " <= 12_premier" | sp1 |
Affected
| ||||||
| Macrovision Search vendor "Macrovision" | Installshield Search vendor "Macrovision" for product "Installshield" | <= 12_professional Search vendor "Macrovision" for product "Installshield" and version " <= 12_professional" | sp1 |
Affected
| ||||||