Macrovision InstallShield InstallScript One-Click Install ActiveX Arbitrary Code Execution

high Nessus Plugin ID 31724

Synopsis

The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.

Description

The remote host contains the InstallScript One-Click Install ActiveX control distributed with Macrovision's InstallShield.

The installed version of that control reportedly allows an attacker to download arbitrary DLL files from a website to be executed as part of a web install. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the affected host subject to the user's privileges.

Solution

Upgrade to InstallShield 12 Service Pack 2 if necessary, apply the appropriate hotfix, and then rebuild and update any HTML files as described in the vendor's advisory.

See Also

http://www.nessus.org/u?a6772e50

https://seclists.org/fulldisclosure/2008/Mar/599

Plugin Details

Severity: High

ID: 31724

File Name: installshield_installscript_library_loading.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 4/1/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5661

BID: 28533

CWE: 94

Secunia: 29549