Credit:
The information has been provided by TPTI-07-09: TippingPoint Security Research Team.
The original article can be found at:
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09
Vulnerable Systems:
* Update Service 3.x
* Update Service 4.x
* Update Service 5.x
* FLEXnet Connect 6
This flaw exists within the ActiveX control with CLSID 85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Passing large values to two functions exposed by this control results in an exploitable stack-based buffer overflow.
The vulnerable functions and parameters are:
* DownloadAndExecute(), second of five parameters
* AddFileEx(), third of seven parameters
Vendor Response:
Macrovision has issued an update to correct this vulnerability. More details can be found at:
http://support.installshield.com/kb/view.asp?articleid=Q113020
Macrovision states "Notification was recently (January) sent to Macrovision customers about the vulnerability and the correct way to resolve it (patching to a newer version of the agent resolves the issue). The exact timing of this deployment is left to our customers and partner."
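To find hosts where the affected control is still present, the following added example (not part of the original advisory or of any vendor tooling) checks the COM registration for the CLSID above and reports the backing DLL's file version. It also reports whether the Internet Explorer kill bit (Compatibility Flags 0x400) is set for that CLSID; the kill-bit check is an assumption of this example, since the advisory itself names only the vendor update as the fix. Only machine-wide (HKLM) registrations are inspected.

```powershell
# Added example (not from the advisory): report whether the control is
# registered, which file backs it, and whether the IE kill bit is set.
$Clsid = '{85A4A99C-8C3D-499E-A386-E0743DFF8FB7}'   # CLSID from the advisory
$Hklm  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'

# Native and 32-bit (WOW6432Node) registry views.
$Views = @{ Native = $Hklm; Wow64 = "$Hklm\WOW6432Node" }

foreach ($view in $Views.GetEnumerator()) {
    $classKey   = "$($view.Value)\Classes\CLSID\$Clsid"
    $serverKey  = "$classKey\InprocServer32"
    $killBitKey = "$($view.Value)\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    $dll = $null
    $version = $null
    if (Test-Path -LiteralPath $serverKey) {
        # The default value of InprocServer32 is the path of the implementing DLL.
        $dll = (Get-Item -LiteralPath $serverKey).GetValue('')
        if ($dll) {
            $dll = $dll.Trim('"')
            if (Test-Path -LiteralPath $dll) {
                $version = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
            }
        }
    }

    # A missing key or value means no kill bit has been set for this CLSID.
    $flags = 0
    if (Test-Path -LiteralPath $killBitKey) {
        $flags = [int]((Get-Item -LiteralPath $killBitKey).GetValue('Compatibility Flags', 0))
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        View        = $view.Key
        Registered  = Test-Path -LiteralPath $classKey
        Dll         = $dll
        FileVersion = $version
        KillBitSet  = [bool]($flags -band 0x400)
    }
}
```

A row with `Registered` true and `KillBitSet` false marks a host whose `FileVersion` should be compared against the fixed version given in the vendor's knowledge-base article.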
CVE Information:
CVE-2007-2419
Disclosure Timeline:
* 2006-06-22 - Vulnerability reported to vendor
* 2006-11-06 - Digital Vaccine released to TippingPoint customers
* 2007-06-04 - Coordinated public release of advisory