38347 : Macrovision Update Service ActiveX (isusweb.dll) Unspecified Arbitrary Code Execution
Printer | http://osvdb.org/38347 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
24	2419	over 4 years ago	about 1 year ago	7 times	100%

Timeline

Vendor Informed Date	Vendor Ack Date	Discovery Date	Disclosure Date
2007-09-24	2007-09-24	2007-10-08	2007-10-30

Keywords

CLSID: E9880553-B8A7-4960-A668-95C68BED571E

Description

A code execution flaw exists in Update Service ActiveX control. isusweb.dll fails to validate data passed to several methods resulting download of arbitrary code. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: set the kill-bit on the Update Service ActiveX Control (CLSID {E9880553-B8A7-4960-A668-95C68BED571E}). See Microsoft KB article 240797 for more details.

Products

Macrovision	Update Service ActiveX	5.01.100.47363
		6.0.100.60146

References

Security Tracker: 1018881
CVE ID: 2007-5660 (see also: NVD)
Bugtraq ID: 26280
Secunia Advisory ID: 27475
ISS X-Force ID: 38210
Metasploit ID: 38347
VUPEN Advisory: ADV-2007-3670
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/installshield_update_isusweb
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618
Vendor Specific Advisory URL: http://support.installshield.com/kb/view.asp?articleid=Q113020
Vendor Specific News/Changelog Entry: http://support.installshield.com/kb/view.asp?articleid=Q113602
Vendor Specific Solution URL: http://www.macrovision.com/promolanding/7660.htm

Tools & Filters

Snort	12703 8738 8739 8740
	27599

Credit

Anonymous - iDefense Labs VCP

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2007-11-05 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.