The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34660
http://www.vupen.com/english/advisories/2008/3278
http://www.vupen.com/english/advisories/2007/2017
http://www.kb.cert.org/vuls/id/524681
http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://secunia.com/advisories/32842