CVE-2007-2419
published 2007-06-06CVE-2007-2419: Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to…
PriorityP341critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.53%
91.8th percentile
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| macrovision | flexnet_connect | — | — |
| macrovision | update_service | — | — |
| macrovision | update_service | — | — |
| macrovision | update_service | — | — |
| macrovision | update_service | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-85rg-2jgh-frvj: Multiple buffer overflows in an ActiveX control (boisweb
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-2419 [CRITICAL] GHSA-85rg-2jgh-frvj: Multiple buffer overflows in an ActiveX control (boisweb
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
GHSA
GHSA-6gr2-mgm4-qqm9: Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-6654 [CRITICAL] CWE-119 GHSA-6gr2-mgm4-qqm9: Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09http://osvdb.org/36983http://secunia.com/advisories/25509http://support.installshield.com/kb/view.asp?articleid=Q113020http://www.securityfocus.com/archive/1/470585/100/0/threadedhttp://www.securitytracker.com/id?1018195http://www.vupen.com/english/advisories/2007/2070https://exchange.xforce.ibmcloud.com/vulnerabilities/34721http://dvlabs.tippingpoint.com/advisory/TPTI-07-09http://osvdb.org/36983http://secunia.com/advisories/25509http://support.installshield.com/kb/view.asp?articleid=Q113020http://www.securityfocus.com/archive/1/470585/100/0/threadedhttp://www.securitytracker.com/id?1018195http://www.vupen.com/english/advisories/2007/2070https://exchange.xforce.ibmcloud.com/vulnerabilities/34721
2007-06-06
Published