MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

Added: 01/04/2008
CVE: CVE-2007-6654
BID: 27013
OSVDB: 39980

Background

MacroVision InstallShield is software for creating installers or software packages.

Problem

A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

Apply the patch, which marks the object as unsafe for scripting.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.html

Limitations

Exploit works on Macrovision InstallShield 2008 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index