9.3
CVE-2007-5661
- EPSS 2.25%
- Veröffentlicht 04.04.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:46:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Revenera ≫ Installshield Update- SwEditionpremier Version < 12
Revenera ≫ Installshield Update- SwEditionprofessional Version < 12
Revenera ≫ Installshield Version12 Update- SwEditionpremier
Revenera ≫ Installshield Version12 Update- SwEditionprofessional
Revenera ≫ Installshield Version12 Updatesp1 SwEditionpremier
Revenera ≫ Installshield Version12 Updatesp1 SwEditionprofessional
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.25% | 0.806 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
http://secunia.com/advisories/29549
http://securitytracker.com/id?1019735
http://www.securityfocus.com/bid/28533
http://www.vupen.com/english/advisories/2008/1049
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558