Vulnerability Description
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macrovision | Flexnet Connect | 6.0 |
References
- http://support.installshield.com/kb/view.asp?articleid=Q113020Patch
- http://www.kb.cert.org/vuls/id/630017Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/31235Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/2625Permissions RequiredThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45248VDB Entry
- http://support.installshield.com/kb/view.asp?articleid=Q113020Patch
- http://www.kb.cert.org/vuls/id/630017Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/31235Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/2625Permissions RequiredThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45248VDB Entry
FAQ
What is CVE-2008-2470?
CVE-2008-2470 is a vulnerability with a CVSS score of 9.3 (HIGH). The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via...
How severe is CVE-2008-2470?
CVE-2008-2470 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2470?
Check the references section above for vendor advisories and patch information. Affected products include: Macrovision Flexnet Connect.