CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0328

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile34.05th
PublishedJun 1, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

Affected Platforms (CPE)

πŸ“¦
Macrovision

Flexnet Connect

= 6.0
πŸ“¦
Macrovision

Update Service

= 3.0
πŸ“¦
Macrovision

Update Service

= 4.0
πŸ“¦
Macrovision

Update Service

= 5.0

References & Advisories

πŸ”— http://osvdb.org/36896
πŸ”— http://secunia.com/advisories/25501
πŸ”— http://secunia.com/advisories/32842
πŸ”— http://support.installshield.com/kb/view.asp?articleid=Q113020
πŸ”— http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
πŸ”— http://www.kb.cert.org/vuls/id/524681
πŸ”— http://www.vupen.com/english/advisories/2007/2017
πŸ”— http://www.vupen.com/english/advisories/2008/3278

Related Vulnerabilities

CVE-2007-241910.0

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x all...

CVE-2007-03219.3

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield...

CVE-2007-56609.3

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect...

CVE-2008-10939.3

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages ...