CVE Vulnerability

CVE-2007-0328

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.kb.cert.org/vuls/id/524681 Patch US Government Resource
http://support.installshield.com/kb/view.asp?articleid=Q113020 Patch
http://secunia.com/advisories/25501 Vendor Advisory
http://osvdb.org/36896
http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
http://secunia.com/advisories/32842 Vendor Advisory
http://www.vupen.com/english/advisories/2008/3278 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2017 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34660
Configurations

Configuration 1

cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
Information

Published : 2007-06-01 12:30

Updated : 2017-07-29 01:30

NVD link : CVE-2007-0328

Mitre link : CVE-2007-0328

Products Affected
No products.
CWE
NVD-CWE-Other