CVE-2007-2419

Name of the Vulnerable Software and Affected Versions Macrovision FLEXnet Connect versions 6.0 Macrovision FLEXnet Update Service versions 3.x through 5.x

Description The issue is related to multiple buffer overflows in an ActiveX control (boisweb.dll) that allow remote attackers to execute arbitrary code. This can be achieved via the second parameter to the DownloadAndExecute method and the third parameter to the AddFileEx method.

Recommendations For Macrovision FLEXnet Connect version 6.0, update to a version that addresses the buffer overflows in the ActiveX control. For Macrovision FLEXnet Update Service versions 3.x through 5.x, update to a version that addresses the buffer overflows in the ActiveX control. As a temporary workaround, consider disabling the DownloadAndExecute and AddFileEx methods until a patch is available.