The Macrovision FLEXnet Connect Software Manager DWUpdateService ActiveX control fails to restrict access to its methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.
Macrovision FLEXnet Connect is a software package that allows vendors to provide updates to applications. FLEXnet Connect-enabled software has the ability to
Note that this control may be provided by installing the FLEXnet Connect SDK, installing other InstallShield software, or also by running FLEXnet Connect-enabled Windows software.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary commands with the privileges of the user.
Apply an update
This vulnerability was reported by Will Dormann of CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2007-05-31|
|Date Last Updated:||2009-04-13 17:20 UTC|