Vulnerability Description
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macrovision | Flexnet Connect | 6.0 |
| Macrovision | Update Service | 3.0 |
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-07-09Patch
- http://osvdb.org/36983
- http://secunia.com/advisories/25509Vendor Advisory
- http://support.installshield.com/kb/view.asp?articleid=Q113020Patch
- http://www.securityfocus.com/archive/1/470585/100/0/threaded
- http://www.securitytracker.com/id?1018195
- http://www.vupen.com/english/advisories/2007/2070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34721
- http://dvlabs.tippingpoint.com/advisory/TPTI-07-09Patch
- http://osvdb.org/36983
- http://secunia.com/advisories/25509Vendor Advisory
- http://support.installshield.com/kb/view.asp?articleid=Q113020Patch
- http://www.securityfocus.com/archive/1/470585/100/0/threaded
- http://www.securitytracker.com/id?1018195
- http://www.vupen.com/english/advisories/2007/2070
FAQ
What is CVE-2007-2419?
CVE-2007-2419 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second p...
How severe is CVE-2007-2419?
CVE-2007-2419 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2419?
Check the references section above for vendor advisories and patch information. Affected products include: Macrovision Flexnet Connect, Macrovision Update Service.