MacroVision InstallShield Update Service isusweb.dll unsafe method

Added: 12/07/2007
CVE: CVE-2007-5660
BID: 26280
OSVDB: 38347

Background

MacroVision InstallShield is software for creating installers or software packages.

Problem

Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page.

Resolution

Apply the patch referenced in Macrovision knowledge base article Q113020.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618

Limitations

Exploit works on MacroVision InstallShield 2008 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index