MacroVision InstallShield Update Service isusweb.dll unsafe method
Added: 12/07/2007CVE: CVE-2007-5660
BID: 26280
OSVDB: 38347
Background
MacroVision InstallShield is software for creating installers or software packages.Problem
Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page.Resolution
Apply the patch referenced in Macrovision knowledge base article Q113020.References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618Limitations
Exploit works on MacroVision InstallShield 2008 and requires a user to open the exploit page in Internet Explorer.Platforms
WindowsBack to exploit index