CVEブラウザに戻る

CVE-2007-0328

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0330%

EPSS Percentile34.05th

Published2007年6月1日

Last Modified2026年4月23日

Vulnerability Description

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

Affected Platforms (CPE)

📦

Macrovision

Flexnet Connect

= 6.0

📦

Macrovision

Update Service

= 3.0

📦

Macrovision

Update Service

= 4.0

📦

Macrovision

Update Service

= 5.0

References & Advisories

🔗 http://osvdb.org/36896

🔗 http://secunia.com/advisories/25501

🔗 http://secunia.com/advisories/32842

🔗 http://support.installshield.com/kb/view.asp?articleid=Q113020

🔗 http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html

🔗 http://www.kb.cert.org/vuls/id/524681

🔗 http://www.vupen.com/english/advisories/2007/2017

🔗 http://www.vupen.com/english/advisories/2008/3278

関連する脆弱性情報

CVE-2007-241910.0

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x all...

CVE-2007-03219.3

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield...

CVE-2007-56609.3

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect...

CVE-2008-10939.3

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages ...