Signature Detail
Short Name |
HTTP:STC:ACTIVEX:ISUSWEB |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Macrovision InstallShield Isusweb.dll ActiveX |
Release Date |
2007/11/12 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Macrovision InstallShield Isusweb.dll ActiveX
This signature detects attempts to exploit a known vulnerability against Macrovision Installshield Update Service. An attacker could create a malicious Web site containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
InstallShield Update Service is prone to multiple remote code-execution vulnerabilities because it fails to adequately sanitize user-supplied data. Successfully exploiting these issues will allow an attacker to execute arbitrary code with the permissions of the user running the application. These issues affect InstallShield Update Service 5.01.100.47363 and 6.0.100.60146.
Affected Products
- Macrovision FLEXnet Connect
- Macrovision InstallShield 2008
- Macrovision Update Service 3.0
- Macrovision Update Service 4.0
- Macrovision Update Service 5.0
- Macrovision Update Service 5.01.100 47363
- Macrovision Update Service 6.0.100 60146
References
- BugTraq: 31235
- BugTraq: 27013
- BugTraq: 26280
- CVE: CVE-2007-5660
- CVE: CVE-2007-6654
- CVE: CVE-2008-2470
- URL: http://www.securityfocus.com/archive/1/4728C73E.1080101@idefense.com
- URL: http://support.installshield.com/kb/view.asp?articleid=Q113602