CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-1093

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile20.59th
Published2008年9月18日
Last Modified2026年4月23日

Vulnerability Description

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

Affected Platforms (CPE)

📦
Acresso

Flexnet Connect

All versions
📦
Acresso

Intallshield Update Agent

All versions

References & Advisories

🔗 http://secunia.com/advisories/31896
🔗 http://securityreason.com/securityalert/4268
🔗 http://www.kb.cert.org/vuls/id/837092
🔗 http://www.securityfocus.com/archive/1/496389/100/0/threaded
🔗 http://www.securityfocus.com/bid/31204
🔗 http://www.securitytracker.com/id?1020893
🔗 http://www.simplicity.net/vuln/CVE-2008-1093.txt
🔗 http://www.vupen.com/english/advisories/2008/2613

相关漏洞威胁

CVE-2007-241910.0

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x all...

CVE-2007-03219.3

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield...

CVE-2007-03289.3

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allo...

CVE-2007-56609.3

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect...