Vulnerability Description
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Revenera | Installshield | < 12 |
Related Weaknesses (CWE)
References
- http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&Patch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649Not Applicable
- http://secunia.com/advisories/29549PatchVendor Advisory
- http://securitytracker.com/id?1019735Not Applicable
- http://www.securityfocus.com/bid/28533Patch
- http://www.vupen.com/english/advisories/2008/1049Not Applicable
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41558Third Party Advisory
- http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&Patch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649Not Applicable
- http://secunia.com/advisories/29549PatchVendor Advisory
- http://securitytracker.com/id?1019735Not Applicable
- http://www.securityfocus.com/bid/28533Patch
- http://www.vupen.com/english/advisories/2008/1049Not Applicable
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41558Third Party Advisory
FAQ
What is CVE-2007-5661?
CVE-2007-5661 is a vulnerability with a CVSS score of 9.3 (HIGH). The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote att...
How severe is CVE-2007-5661?
CVE-2007-5661 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5661?
Check the references section above for vendor advisories and patch information. Affected products include: Revenera Installshield.