Vulnerability Details CVE-2007-5661
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.6%
CVSS Severity
CVSS v2 Score 9.3
References
- http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
- http://secunia.com/advisories/29549
- http://securitytracker.com/id?1019735
- http://www.securityfocus.com/bid/28533
- http://www.vupen.com/english/advisories/2008/1049
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
- http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
- http://secunia.com/advisories/29549
- http://securitytracker.com/id?1019735
- http://www.securityfocus.com/bid/28533
- http://www.vupen.com/english/advisories/2008/1049
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
Products affected by CVE-2007-5661
-
cpe:2.3:a:macrovision:installshield:*