CVE-2007-2419 - OpenCVE

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Macrovision	Flexnet Connect Update Service

Configuration 1 [-]

OR	cpe:2.3:a:macrovision:flexnet_connect:6.0:::::::*
	cpe:2.3:a:macrovision:update_service:3.0:::::::*
	cpe:2.3:a:macrovision:update_service:4.0:::::::*
	cpe:2.3:a:macrovision:update_service:5.0:::::::*

References

Link	Resource
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09	Patch
http://osvdb.org/36983
http://secunia.com/advisories/25509	Vendor Advisory
http://support.installshield.com/kb/view.asp?articleid=Q113020	Patch
http://www.securityfocus.com/archive/1/470585/100/0/threaded
http://www.securitytracker.com/id?1018195
http://www.vupen.com/english/advisories/2007/2070
https://exchange.xforce.ibmcloud.com/vulnerabilities/34721

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-06T10:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-05-01T00:00:00

Link: CVE-2007-2419

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-06T10:30:00.000

Modified: 2018-10-16T16:43:23.570

Link: CVE-2007-2419

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "macrovision-boisweb-bo(34721)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"}, {"tags": ["x_refsource_MISC"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"}, {"name": "ADV-2007-2070", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2070"}, {"name": "36983", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36983"}, {"name": "25509", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25509"}, {"name": "20070605 TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"}, {"name": "1018195", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018195"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2419", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "refsource": "CONFIRM", "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "macrovision-boisweb-bo(34721)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"}, {"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"}, {"name": "ADV-2007-2070", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2070"}, {"name": "36983", "refsource": "OSVDB", "url": "http://osvdb.org/36983"}, {"name": "25509", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25509"}, {"name": "20070605 TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"}, {"name": "1018195", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018195"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2419", "datePublished": "2007-06-06T10:00:00", "dateReserved": "2007-05-01T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."}, {"lang": "es", "value": "M\u00faltiples desordamientos de b\u00fafer en un control ActiveX (boisweb.dll) en Macrovision FLEXnet Connect 6.0 y Update Service 3.x hasta 5.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) el segudo par\u00e1metro del m\u00e9todo DownloadAndExecute y (2) el tercer par\u00e1metro del m\u00e9todo AddFileEx, una vulnerabilidad diferente de CVE-2007-0328."}], "id": "CVE-2007-2419", "lastModified": "2018-10-16T16:43:23.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-06T10:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36983"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25509"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018195"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2070"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}