返回 CVE 浏览器

CVE-2007-2419

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1720%

EPSS Percentile14.68th

Published2007年6月6日

Last Modified2026年4月23日

Vulnerability Description

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

Affected Platforms (CPE)

📦

Macrovision

Flexnet Connect

= 6.0

📦

Macrovision

Update Service

= 3.0

📦

Macrovision

Update Service

= 4.0

📦

Macrovision

Update Service

= 5.0

References & Advisories

🔗 http://dvlabs.tippingpoint.com/advisory/TPTI-07-09

🔗 http://osvdb.org/36983

🔗 http://secunia.com/advisories/25509

🔗 http://support.installshield.com/kb/view.asp?articleid=Q113020

🔗 http://www.securityfocus.com/archive/1/470585/100/0/threaded

🔗 http://www.securitytracker.com/id?1018195

🔗 http://www.vupen.com/english/advisories/2007/2070

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34721

相关漏洞威胁

CVE-2007-03219.3

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield...

CVE-2007-03289.3

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allo...

CVE-2007-56609.3

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect...

CVE-2008-10939.3

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages ...