CVE Vulnerability

CVE-2007-5661

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640 Patch
http://www.securityfocus.com/bid/28533 Patch
http://securitytracker.com/id?1019735
http://secunia.com/advisories/29549 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2008/1049
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
Configurations

Configuration 1

cpe:2.3:a:macrovision:installshield:*:sp1:*:*:*:*:*:*
cpe:2.3:a:macrovision:installshield:*:sp1:*:*:*:*:*:*
Information

Published : 2008-04-04 12:44

Updated : 2017-07-29 01:33

NVD link : CVE-2007-5661

Mitre link : CVE-2007-5661

Products Affected
No products.
CWE
CWE-94