PT-2007-3751 · Macrovision · Macrovision Flexnet Connect+1

Published

2007-06-06

Updated

2018-10-16

CVE-2007-2419

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Macrovision FLEXnet Connect versions 6.0 Macrovision FLEXnet Update Service versions 3.x through 5.x

Description The issue is related to multiple buffer overflows in an ActiveX control (boisweb.dll) that allow remote attackers to execute arbitrary code. This can be achieved via the second parameter to the DownloadAndExecute method and the third parameter to the AddFileEx method.

Recommendations For Macrovision FLEXnet Connect version 6.0, update to a version that addresses the buffer overflows in the ActiveX control. For Macrovision FLEXnet Update Service versions 3.x through 5.x, update to a version that addresses the buffer overflows in the ActiveX control. As a temporary workaround, consider disabling the DownloadAndExecute and AddFileEx methods until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2419

Affected Products

Macrovision Flexnet Connect

Macrovision Flexnet Update Service

PT-2007-3751 · Macrovision · Macrovision Flexnet Connect+1

CVE-2007-2419

Related Identifiers

Affected Products

References · 10