Vulnerability Description
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macrovision | Flexnet Connect | 6.0 |
| Macrovision | Update Service | 3.0 |
References
- http://osvdb.org/36896
- http://secunia.com/advisories/25501Vendor Advisory
- http://secunia.com/advisories/32842Vendor Advisory
- http://support.installshield.com/kb/view.asp?articleid=Q113020Patch
- http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
- http://www.kb.cert.org/vuls/id/524681PatchUS Government Resource
- http://www.vupen.com/english/advisories/2007/2017Vendor Advisory
- http://www.vupen.com/english/advisories/2008/3278Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34660
- http://osvdb.org/36896
- http://secunia.com/advisories/25501Vendor Advisory
- http://secunia.com/advisories/32842Vendor Advisory
- http://support.installshield.com/kb/view.asp?articleid=Q113020Patch
- http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
- http://www.kb.cert.org/vuls/id/524681PatchUS Government Resource
FAQ
What is CVE-2007-0328?
CVE-2007-0328 is a vulnerability with a CVSS score of 9.3 (HIGH). The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute ...
How severe is CVE-2007-0328?
CVE-2007-0328 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0328?
Check the references section above for vendor advisories and patch information. Affected products include: Macrovision Flexnet Connect, Macrovision Update Service.