CVE-2007-2419

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09	Patch
http://osvdb.org/36983
http://secunia.com/advisories/25509	Vendor Advisory
http://support.installshield.com/kb/view.asp?articleid=Q113020	Patch
http://www.securityfocus.com/archive/1/470585/100/0/threaded
http://www.securitytracker.com/id?1018195
http://www.vupen.com/english/advisories/2007/2070
https://exchange.xforce.ibmcloud.com/vulnerabilities/34721
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09	Patch
http://osvdb.org/36983
http://secunia.com/advisories/25509	Vendor Advisory
http://support.installshield.com/kb/view.asp?articleid=Q113020	Patch
http://www.securityfocus.com/archive/1/470585/100/0/threaded
http://www.securitytracker.com/id?1018195
http://www.vupen.com/english/advisories/2007/2070
https://exchange.xforce.ibmcloud.com/vulnerabilities/34721

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:macrovision:flexnet_connect:6.0:::::::*
	cpe:2.3:a:macrovision:update_service:3.0:::::::*
	cpe:2.3:a:macrovision:update_service:4.0:::::::*
	cpe:2.3:a:macrovision:update_service:5.0:::::::*

History

No history.

Information

Published : 2007-06-06 10:30

Updated : 2025-04-09 00:30

NVD link : CVE-2007-2419

Mitre link : CVE-2007-2419

CVE.ORG link : CVE-2007-2419

JSON object : View

Products Affected

macrovision

flexnet_connect
update_service

CWE

NVD-CWE-Other

{"id": "CVE-2007-2419", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-06T10:30:00.000", "references": [{"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36983", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25509", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018195", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2070", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721", "source": "cve@mitre.org"}, {"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/36983", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25509", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018195", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2070", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."}, {"lang": "es", "value": "M\u00faltiples desordamientos de b\u00fafer en un control ActiveX (boisweb.dll) en Macrovision FLEXnet Connect 6.0 y Update Service 3.x hasta 5.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) el segudo par\u00e1metro del m\u00e9todo DownloadAndExecute y (2) el tercer par\u00e1metro del m\u00e9todo AddFileEx, una vulnerabilidad diferente de CVE-2007-0328."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267"}, {"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4"}, {"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0"}, {"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}