FLEXnet Connect Update Service ActiveX Control Multiple Code Execution Vulnerabilities
High Nessus Plugin ID 27599
Synopsis
The remote Windows host has an ActiveX control that allows execution of arbitrary code.
Description
Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, or by running FLEXnet Connect-enabled Windows software.
The version of the FLEXnet Connect client on the remote host includes an ActiveX control -- the InstallShield Update Service Agent -- that is marked as 'safe for scripting' and contains several methods that allow for downloading and launching arbitrary programs. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the host subject to the user's privileges.
Additionally, it is reportedly affected by a buffer overflow that can be triggered by passing a long argument for 'ProductCode' to the 'DownloadAndExecute()' method.
Solution
Upgrade to version 188.8.131.52101 or later of the FLEXnet Connect client.