CVE-2007-5661

Sažetak

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

Reference

http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
http://secunia.com/advisories/29549
http://securitytracker.com/id?1019735
http://www.securityfocus.com/bid/28533
http://www.vupen.com/english/advisories/2008/1049
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

04-04-2008 - 00:44