FLEXnet Connect Update Service ActiveX Control Multiple Code Execution Vulnerabilities

High Nessus Plugin ID 27599


The remote Windows host has an ActiveX control that allows execution of arbitrary code.


Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, or by running FLEXnet Connect-enabled Windows software.

The version of the FLEXnet Connect client on the remote host includes an ActiveX control -- the InstallShield Update Service Agent -- that is marked as 'safe for scripting' and contains several methods that allow for downloading and launching arbitrary programs. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the host subject to the user's privileges.

Additionally, the control is reportedly affected by a buffer overflow that can be triggered by passing a long argument for 'ProductCode' to the 'DownloadAndExecute()' method.


Upgrade to version or later of the FLEXnet Connect client.


Plugin Details

Severity: High

ID: 27599

File Name: flexnet_connect_isusweb_activex.nasl

Version: $Revision: 1.22 $

Type: local

Agent: windows

Family: Windows

Published: 2007/11/01

Modified: 2016/10/10

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/10/30

Exploitable With


Metasploit (Macrovision InstallShield Update Service ActiveX Unsafe Method)

Reference Information

CVE: CVE-2007-5660, CVE-2007-6654

BID: 26280, 27013

OSVDB: 38347, 39980

CWE: 119