Acresso · Acresso Installshield Update Agent · CVE-2008-1093
**Name of the Vulnerable Software and Affected Versions**
Acresso InstallShield Update Agent (affected versions not specified)
**Description**
The issue concerns the failure of Acresso InstallShield Update Agent to properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers. This allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.