Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5661

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

Published

2008-04-04T00:44:00.000

Last Modified

2025-05-09T17:42:15.573

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	macrovision	installshield	≤ 12_premier	Yes
Application	macrovision	installshield	≤ 12_professional	Yes

References

http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640 Patch ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649 ([email protected])
http://secunia.com/advisories/29549 Patch, Vendor Advisory ([email protected])
http://securitytracker.com/id?1019735 ([email protected])
http://www.securityfocus.com/bid/28533 Patch ([email protected])
http://www.vupen.com/english/advisories/2008/1049 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558 ([email protected])
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29549 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019735 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28533 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1049 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558 (af854a3a-2127-422b-91ae-364da2661108)