Vulnerabilities > CVE-2007-2419 - Unspecified vulnerability in Macrovision Flexnet Connect and Update Service

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

macrovision

critical

NVD

Published: 2007-06-06

Updated: 2018-10-16

Summary

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

Vulnerable Configurations

Part	Description	Count
Application	Macrovision Macrovision Flexnet Connect 6.0 Macrovision Update Service 3.0 Macrovision Update Service 4.0 Macrovision Update Service 5.0	4

References

http://dvlabs.tippingpoint.com/advisory/TPTI-07-09
http://osvdb.org/36983
http://secunia.com/advisories/25509
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://www.securityfocus.com/archive/1/470585/100/0/threaded
http://www.securitytracker.com/id?1018195
http://www.vupen.com/english/advisories/2007/2070
https://exchange.xforce.ibmcloud.com/vulnerabilities/34721