CVE-2007-5660 - OpenCVE

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Macrovision	Flexnet Connect Installshield 2008 Update Service

Configuration 1 [-]

OR	cpe:2.3:a:macrovision:flexnet_connect::::::::
	cpe:2.3:a:macrovision:installshield_2008::::::::
	cpe:2.3:a:macrovision:update_service:3.0:::::::*
	cpe:2.3:a:macrovision:update_service:4.0:::::::*
	cpe:2.3:a:macrovision:update_service:5.0:::::::*
	cpe:2.3:a:macrovision:update_service:5.1.100_47363:::::::*
	cpe:2.3:a:macrovision:update_service:6.0.100_60146:::::::*

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618
http://osvdb.org/38347
http://secunia.com/advisories/27475	Patch Vendor Advisory
http://support.installshield.com/kb/view.asp?articleid=Q113020	Patch
http://support.installshield.com/kb/view.asp?articleid=Q113602	Patch
http://www.macrovision.com/promolanding/7660.htm	Patch
http://www.securityfocus.com/bid/26280	Patch
http://www.securitytracker.com/id?1018881
http://www.vupen.com/english/advisories/2007/3670
https://exchange.xforce.ibmcloud.com/vulnerabilities/38210

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-02T16:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-10-23T00:00:00

Link: CVE-2007-5660

JSON object: View

NVD Information

Status : Modified

Published: 2007-11-02T16:46:00.000

Modified: 2017-07-29T01:33:47.867

Link: CVE-2007-5660

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified \"unsafe method,\" possibly involving a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "27475", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27475"}, {"name": "20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"}, {"name": "38347", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38347"}, {"name": "ADV-2007-3670", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3670"}, {"name": "1018881", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018881"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.macrovision.com/promolanding/7660.htm"}, {"name": "26280", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26280"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"}, {"name": "macrovision-isusweb-code-execution(38210)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5660", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified \"unsafe method,\" possibly involving a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "refsource": "CONFIRM", "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "27475", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27475"}, {"name": "20071031 Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"}, {"name": "38347", "refsource": "OSVDB", "url": "http://osvdb.org/38347"}, {"name": "ADV-2007-3670", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3670"}, {"name": "1018881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018881"}, {"name": "http://www.macrovision.com/promolanding/7660.htm", "refsource": "CONFIRM", "url": "http://www.macrovision.com/promolanding/7660.htm"}, {"name": "26280", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26280"}, {"name": "http://support.installshield.com/kb/view.asp?articleid=Q113602", "refsource": "CONFIRM", "url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"}, {"name": "macrovision-isusweb-code-execution(38210)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5660", "datePublished": "2007-11-02T16:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:macrovision:flexnet_connect:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBB47236-7B96-4009-822B-C3A1AFCB3434", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:installshield_2008:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEB1849E-A0FA-478A-B5CA-D515775A3D98", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:5.1.100_47363:*:*:*:*:*:*:*", "matchCriteriaId": "C231476E-2C4B-49CF-A322-5BC972CF8107", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:6.0.100_60146:*:*:*:*:*:*:*", "matchCriteriaId": "06BF3AF2-9326-4856-820B-6788D09F05BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified \"unsafe method,\" possibly involving a buffer overflow."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el control de ActiveX Update Service en el isusweb.dll anterior al 6.0.100.65101 en el MacroVision FLEXnet Connect y InstallShield 2008 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de \"un m\u00e9todo inseguro\" sin especificar y, posiblemente, involucrando un desbordamiento de b\u00fafer."}], "id": "CVE-2007-5660", "lastModified": "2017-07-29T01:33:47.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-11-02T16:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38347"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27475"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113602"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.macrovision.com/promolanding/7660.htm"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26280"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018881"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3670"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38210"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}