Search criteria
3 vulnerabilities by acresso
CVE-2008-4586 (GCVE-0-2008-4586)
Vulnerability from cvelistv5 – Published: 2008-10-15 22:00 – Updated: 2024-08-07 10:24
VLAI
Summary
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4913 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/4425 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2008/0145 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/28496 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/27279 | vdb-entryx_refsource_BID |
Date Public
2008-01-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4913",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4913"
},
{
"name": "4425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4425"
},
{
"name": "ADV-2008-0145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0145"
},
{
"name": "28496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28496"
},
{
"name": "27279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4913",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4913"
},
{
"name": "4425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4425"
},
{
"name": "ADV-2008-0145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0145"
},
{
"name": "28496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28496"
},
{
"name": "27279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4913",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4913"
},
{
"name": "4425",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4425"
},
{
"name": "ADV-2008-0145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0145"
},
{
"name": "28496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28496"
},
{
"name": "27279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4586",
"datePublished": "2008-10-15T22:00:00.000Z",
"dateReserved": "2008-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4587 (GCVE-0-2008-4587)
Vulnerability from cvelistv5 – Published: 2008-10-15 22:00 – Updated: 2024-08-07 10:24
VLAI
Summary
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/0145 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/28496 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/27279 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4909 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/4428 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:19.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0145"
},
{
"name": "28496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28496"
},
{
"name": "macrovision-flexnet-file-overwrite(39653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39653"
},
{
"name": "27279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27279"
},
{
"name": "4909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4909"
},
{
"name": "4428",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4428"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0145"
},
{
"name": "28496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28496"
},
{
"name": "macrovision-flexnet-file-overwrite(39653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39653"
},
{
"name": "27279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27279"
},
{
"name": "4909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4909"
},
{
"name": "4428",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4428"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0145"
},
{
"name": "28496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28496"
},
{
"name": "macrovision-flexnet-file-overwrite(39653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39653"
},
{
"name": "27279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27279"
},
{
"name": "4909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4909"
},
{
"name": "4428",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4428"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4587",
"datePublished": "2008-10-15T22:00:00.000Z",
"dateReserved": "2008-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:19.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1093 (GCVE-0-2008-1093)
Vulnerability from cvelistv5 – Published: 2008-09-17 18:06 – Updated: 2024-08-07 08:08
VLAI
Summary
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.simplicity.net/vuln/CVE-2008-1093.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/2613 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31896 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/31204 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/496389/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/4268 | third-party-advisoryx_refsource_SREASON |
| http://www.kb.cert.org/vuls/id/837092 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id?1020893 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.simplicity.net/vuln/CVE-2008-1093.txt"
},
{
"name": "ADV-2008-2613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2613"
},
{
"name": "31896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31896"
},
{
"name": "31204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31204"
},
{
"name": "20080916 InstallShield Update Agent - Downloads and executes \"Rule Scripts\" insecurely.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496389/100/0/threaded"
},
{
"name": "4268",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4268"
},
{
"name": "VU#837092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/837092"
},
{
"name": "1020893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.simplicity.net/vuln/CVE-2008-1093.txt"
},
{
"name": "ADV-2008-2613",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2613"
},
{
"name": "31896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31896"
},
{
"name": "31204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31204"
},
{
"name": "20080916 InstallShield Update Agent - Downloads and executes \"Rule Scripts\" insecurely.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496389/100/0/threaded"
},
{
"name": "4268",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4268"
},
{
"name": "VU#837092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/837092"
},
{
"name": "1020893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.simplicity.net/vuln/CVE-2008-1093.txt",
"refsource": "MISC",
"url": "http://www.simplicity.net/vuln/CVE-2008-1093.txt"
},
{
"name": "ADV-2008-2613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2613"
},
{
"name": "31896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31896"
},
{
"name": "31204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31204"
},
{
"name": "20080916 InstallShield Update Agent - Downloads and executes \"Rule Scripts\" insecurely.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496389/100/0/threaded"
},
{
"name": "4268",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4268"
},
{
"name": "VU#837092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/837092"
},
{
"name": "1020893",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1093",
"datePublished": "2008-09-17T18:06:00.000Z",
"dateReserved": "2008-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}