CVE-2008-4587

critical

Description

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.

References

https://www.exploit-db.com/exploits/4909

https://exchange.xforce.ibmcloud.com/vulnerabilities/39653

http://www.vupen.com/english/advisories/2008/0145

http://www.securityfocus.com/bid/27279

http://securityreason.com/securityalert/4428

http://secunia.com/advisories/28496

Details

Source: Mitre, NVD

Published: 2008-10-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.10062