Elazar

**Name of the Vulnerable Software and Affected Versions** Imera TeamLinks Client version 1.0.2.54 **Description** The issue concerns an insecure method vulnerability in the ImeraIEPlugin ActiveX control. This vulnerability allows remote attackers to force the download and execution of arbitrary URLs by modifying certain parameters, specifically `DownloadProtocol`, `DownloadHost`, `DownloadPort`, and `DownloadURI`. **Recommendations** For version 1.0.2.54, as a temporary workaround, consider restricting access to the `DownloadProtocol`, `DownloadHost`, `DownloadPort`, and `DownloadURI` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Macrovision FLEXnet Connect version 6.1 **Description** The issue is related to an insecure method in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control, which allows remote attackers to force the download and execution of arbitrary files. This is achieved via the `DownloadAndExecute` method. **Recommendations** For Macrovision FLEXnet Connect version 6.1, consider disabling the `DownloadAndExecute` method in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Macrovision FLEXnet Connect version 6.1 **Description** The issue concerns an insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control. This vulnerability allows remote attackers to force the download and execution of arbitrary files via the `AddFile` and `RunScheduledJobs` methods. It could potentially be leveraged for code execution by uploading executable files to Startup folders. **Recommendations** For Macrovision FLEXnet Connect version 6.1, consider disabling the `AddFile` and `RunScheduledJobs` methods in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control as a temporary workaround until a patch is available. Restrict access to the Startup folders to minimize the risk of exploitation.

Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.

**Name of the Vulnerable Software and Affected Versions** Adobe Shockwave (affected versions not specified) **Description** A stack-based buffer overflow issue exists in the SWCtl.SWCtl ActiveX control, allowing remote attackers to cause a denial of service and possibly execute arbitrary code. This is achieved by passing a long argument to the `ShockwaveVersion` method. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.