Vulnerability Description
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macrovision | Installanywhere | 8 |
References
- http://securityreason.com/securityalert/2596
- http://www.securityfocus.com/archive/1/466035/100/0/threaded
- http://www.securityfocus.com/bid/22643Patch
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txtVendor Advisory
- http://www.vupen.com/english/advisories/2007/1433
- http://securityreason.com/securityalert/2596
- http://www.securityfocus.com/archive/1/466035/100/0/threaded
- http://www.securityfocus.com/bid/22643Patch
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txtVendor Advisory
- http://www.vupen.com/english/advisories/2007/1433
FAQ
What is CVE-2007-1009?
CVE-2007-1009 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows l...
How severe is CVE-2007-1009?
CVE-2007-1009 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1009?
Check the references section above for vendor advisories and patch information. Affected products include: Macrovision Installanywhere.