Macrovision Update Service vulnerabilities
4 known vulnerabilities affecting macrovision/update_service.
Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL4
Vulnerabilities
Page 1 of 1
CVE-2007-5660P3CRITICALCVSS 9.3PoCv3.0v4.0+3 more2007-11-02
CVE-2007-5660 [CRITICAL] CVE-2007-5660: Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
nvd
CVE-2007-6654P3CRITICALCVSS 9.3PoCv5.1.100_473632008-01-04
CVE-2007-6654 [CRITICAL] CVE-2007-6654: Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
nvd
CVE-2007-0328P3CRITICALCVSS 9.3v3.0v4.0+1 more2007-06-01
CVE-2007-0328 [CRITICAL] CVE-2007-0328: The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
nvd
CVE-2007-2419P3CRITICALCVSS 10.0v3.0v4.0+1 more2007-06-06
CVE-2007-2419 [CRITICAL] CVE-2007-2419: Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
nvd