Vulnerability Description
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acresso | Flexnet Connect | All versions |
| Acresso | Intallshield Update Agent | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31896
- http://securityreason.com/securityalert/4268
- http://www.kb.cert.org/vuls/id/837092US Government Resource
- http://www.securityfocus.com/archive/1/496389/100/0/threaded
- http://www.securityfocus.com/bid/31204
- http://www.securitytracker.com/id?1020893
- http://www.simplicity.net/vuln/CVE-2008-1093.txt
- http://www.vupen.com/english/advisories/2008/2613
- http://secunia.com/advisories/31896
- http://securityreason.com/securityalert/4268
- http://www.kb.cert.org/vuls/id/837092US Government Resource
- http://www.securityfocus.com/archive/1/496389/100/0/threaded
- http://www.securityfocus.com/bid/31204
- http://www.securitytracker.com/id?1020893
- http://www.simplicity.net/vuln/CVE-2008-1093.txt
FAQ
What is CVE-2008-1093?
CVE-2008-1093 is a vulnerability with a CVSS score of 9.3 (HIGH). Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle atta...
How severe is CVE-2008-1093?
CVE-2008-1093 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1093?
Check the references section above for vendor advisories and patch information. Affected products include: Acresso Flexnet Connect, Acresso Intallshield Update Agent.