CVE-2007-2419

critical

Description

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34721

http://www.vupen.com/english/advisories/2007/2070

http://www.securitytracker.com/id?1018195

http://www.securityfocus.com/archive/1/470585/100/0/threaded

http://support.installshield.com/kb/view.asp?articleid=Q113020

http://secunia.com/advisories/25509

http://osvdb.org/36983

http://dvlabs.tippingpoint.com/advisory/TPTI-07-09

Details

Source: Mitre, NVD

Published: 2007-06-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05531