CVE-2007-1009

Name of the Vulnerable Software and Affected Versions: Macrovision InstallAnywhere Enterprise versions prior to 8.0.1

Description: The issue allows local users to perform unauthorized installations by modifying the InstallScript.iap xml configuration file, which is used without integrity protection to verify authorization for installing an application. This can be achieved by removing the password or serial number verification sections from this file.

Recommendations: For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue. As a temporary workaround, consider implementing additional access controls to the InstallScript.iap xml configuration file to prevent unauthorized modifications. Restrict access to this file to minimize the risk of exploitation.