CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1093

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile20.59th
PublishedSep 18, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

Affected Platforms (CPE)

πŸ“¦
Acresso

Flexnet Connect

All versions
πŸ“¦
Acresso

Intallshield Update Agent

All versions

References & Advisories

πŸ”— http://secunia.com/advisories/31896
πŸ”— http://securityreason.com/securityalert/4268
πŸ”— http://www.kb.cert.org/vuls/id/837092
πŸ”— http://www.securityfocus.com/archive/1/496389/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31204
πŸ”— http://www.securitytracker.com/id?1020893
πŸ”— http://www.simplicity.net/vuln/CVE-2008-1093.txt
πŸ”— http://www.vupen.com/english/advisories/2008/2613

Related Vulnerabilities

CVE-2007-241910.0

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x all...

CVE-2007-03219.3

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield...

CVE-2007-03289.3

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allo...

CVE-2007-56609.3

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect...