Intrusion Prevention

Macrovision.FLEXnet.Connect.InstallShield.Buffer.Overflow

Description

This vulnerability was identified in Macrovision FLEXnet Connect, which could be exploited by remote attackers to take complete control of an affected system. This issue is due to a buffer overflow error in the InstallShield Update Service ActiveX control (isusweb.dll) when handling an overly long argument passed to the "Download()" method, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products

Macrovision: FLEXnet Connect Any version.

Impact

System compromise.

Recommended Actions

Currently we are not aware of any vendor-supplied fix on this issue.

CVE References

CVE-2007-0321