CVE-2007-6654 - Buffer Errors vulnerability in Macrovision Update Service 5.1.10047363

Publication

2008-01-04

Last modification

2017-09-29

Summary

Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.

Description

InstallShield Update Service is prone to a remote buffer-overflow vulnerability because it fails to adequately sanitize user-supplied data.Successfully exploiting this issue will allow an attacker to execute arbitrary code with the permissions of the user running the application.This issue affects InstallShield Update Service 5.1.100.47363; other versions may also be affected.NOTE: Reportedly, this issue differs from those documented in BID 26280 (Macrovision InstallShield Update Service Isusweb.DLL Multiple Remote Code Execution Vulnerabilities).

Solution

The vendor has released advisories and updates that address this issue. Please see the references for more information.

Exploit

An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious HTML page.UPDATE (August 11, 2008): Symantec has detected active exploit attempts in the wild.An exploit is available. /data/vulnerabilities/exploits/27013.html

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Macrovision Update Service  5.1.10047363