Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
Vulnerable Systems:
* Macrovision InstallShield InstallScript One-Click Install ActiveX Control version 12.0
Immune Systems:
* Macrovision InstallShield InstallScript One-Click Install ActiveX Control version 12.0 with SP2
InstallShield InstallScript "One-Click Install" is implemented in an ActiveX control with the following properties:
File: %WINDIR%\Downloaded Program Files\setup.exe
CLSID: 53D40FAA-4E21-459f-AA87-E4D97FC3245A
This control is marked "safe for scripting".
When a user visits a website from which a web install can be performed, the ActiveX control downloads and loads several DLL files from the remote website. Since no sanity checks are performed on the DLL files, an attacker can substitute specially crafted libraries that will execute arbitrary code when loaded.
Analysis:
Exploitation allows attackers to execute arbitrary code with the privileges of the currently logged-in user. In order for exploitation to occur, users would be required to have a vulnerable version of the ActiveX control installed and be lured to a malicious site.
Workaround:
Administrators can set the kill-bit for the vulnerable ActiveX control with the following .reg file. This will prevent the control from loading within Internet Explorer.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{53D40FAA-4E21-459f-AA87-E4D97FC3245A}]
"Compatibility Flags"=dword:00000400
Vendor response:
Macrovision has addressed this vulnerability by releasing a hotfix for the following products.
FLEXnet InstallShield 12 Professional (with InstallShield 12 SP2)
FLEXnet InstallShield 12 Premier (with InstallShield 12 SP2)
For more information, consult their Knowledge Base article at the following URL.
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
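For hosts that rely on the kill-bit workaround above rather than the hotfix, the following PowerShell audit is an added example (not part of the original advisory or of any vendor tooling). The CLSID and the 0x400 flag come from the advisory's .reg file; the function name Test-OneClickKillBit is hypothetical, and the additional Wow6432Node check, which goes beyond the advisory, covers 32-bit Internet Explorer on 64-bit Windows.

```powershell
# Added example: audit (and optionally set) the kill-bit from the advisory's .reg file.
# CLSID and flag value are taken from the advisory; the function name is hypothetical.
$Clsid   = '{53D40FAA-4E21-459f-AA87-E4D97FC3245A}'
$KillBit = 0x400   # "Compatibility Flags" bit that stops Internet Explorer loading the control

# Not in the advisory: on 64-bit Windows, 32-bit Internet Explorer reads the
# Wow6432Node registry view, so both views are checked.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-OneClickKillBit {
    param([switch]$Fix)   # -Fix writes to HKLM and needs an elevated session

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent, e.g. 32-bit OS
        $key   = Join-Path $root $Clsid
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($item) { $flags = [int]$item.'Compatibility Flags' }
        }
        $set = ($flags -band $KillBit) -ne 0

        if (-not $set -and $Fix) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags on the key are preserved.
            $flags = $flags -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $flags -Force | Out-Null
            $set = $true
        }
        [pscustomobject]@{ Key = $key; Flags = ('0x{0:X8}' -f $flags); KillBitSet = $set }
    }
}

# Report only; run Test-OneClickKillBit -Fix to set the bit where it is missing.
Test-OneClickKillBit | Format-Table -AutoSize
```

A row with KillBitSet = False means Internet Explorer in that registry view can still instantiate the control if it is installed.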
CVE Information:
CVE-2007-5661
Disclosure timeline:
01/08/2007 - Initial vendor notification
04/17/2007 - Second vendor notification
04/18/2007 - Initial vendor response
03/31/2008 - Coordinated public disclosure