CVE-2007-0328

Sažetak

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

Reference

http://osvdb.org/36896
http://secunia.com/advisories/25501
http://secunia.com/advisories/32842
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
http://www.kb.cert.org/vuls/id/524681
http://www.vupen.com/english/advisories/2007/2017
http://www.vupen.com/english/advisories/2008/3278
https://exchange.xforce.ibmcloud.com/vulnerabilities/34660

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:30

Objavljeno

01-06-2007 - 00:30