CVE Vulnerability

CVE-2008-4587

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/27279
http://secunia.com/advisories/28496 Vendor Advisory
http://securityreason.com/securityalert/4428
http://www.vupen.com/english/advisories/2008/0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/39653
https://www.exploit-db.com/exploits/4909
Configurations

Configuration 1

cpe:2.3:a:acresso:flexnet_connect:6.1:*:*:*:*:*:*:*
Information

Published : 2008-10-15 10:45

Updated : 2017-09-29 01:32

NVD link : CVE-2008-4587

Mitre link : CVE-2008-4587

Products Affected
No products.
CWE
NVD-CWE-Other