CVE-2007-0328 - OpenCVE

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Macrovision	Flexnet Connect Update Service

Configuration 1 [-]

OR	cpe:2.3:a:macrovision:flexnet_connect:6.0:::::::*
	cpe:2.3:a:macrovision:update_service:3.0:::::::*
	cpe:2.3:a:macrovision:update_service:4.0:::::::*
	cpe:2.3:a:macrovision:update_service:5.0:::::::*

No data.

References

Link	Providers
http://osvdb.org/36896
http://secunia.com/advisories/25501
http://secunia.com/advisories/32842
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
http://www.kb.cert.org/vuls/id/524681
http://www.vupen.com/english/advisories/2007/2017
http://www.vupen.com/english/advisories/2008/3278
https://exchange.xforce.ibmcloud.com/vulnerabilities/34660

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2007-06-01T00:00:00

Updated: 2024-08-07T12:12:18.093Z

Reserved: 2007-01-17T00:00:00

Link: CVE-2007-0328

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-01T00:30:00.000

Modified: 2017-07-29T01:30:07.733

Link: CVE-2007-0328

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "36896", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36896"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "32842", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32842"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"}, {"name": "ADV-2007-2017", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2017"}, {"name": "25501", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25501"}, {"name": "ADV-2008-3278", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3278"}, {"name": "VU#524681", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/524681"}, {"name": "macrovision-dwupdate-command-execution(34660)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2007-0328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36896", "refsource": "OSVDB", "url": "http://osvdb.org/36896"}, {"name": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "refsource": "CONFIRM", "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "32842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32842"}, {"name": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"}, {"name": "ADV-2007-2017", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2017"}, {"name": "25501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25501"}, {"name": "ADV-2008-3278", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3278"}, {"name": "VU#524681", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/524681"}, {"name": "macrovision-dwupdate-command-execution(34660)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:18.093Z"}, "title": "CVE Program Container", "references": [{"name": "36896", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36896"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"name": "32842", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32842"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"}, {"name": "ADV-2007-2017", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2017"}, {"name": "25501", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25501"}, {"name": "ADV-2008-3278", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3278"}, {"name": "VU#524681", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/524681"}, {"name": "macrovision-dwupdate-command-execution(34660)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2007-0328", "datePublished": "2007-06-01T00:00:00", "dateReserved": "2007-01-17T00:00:00", "dateUpdated": "2024-08-07T12:12:18.093Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method."}, {"lang": "es", "value": "El control ActiveX DWUpdateService en el agente (agent.exe) en Macrovision FLEXnet Connect versi\u00f3n 6.0 y Update Service versiones 3.x hasta 5.x, permite a atacantes remotos ejecutar comandos arbitrarios por medio de (1) el m\u00e9todo Execute y obtener el estado de salida usando (2) el m\u00e9todo GetExitCode."}], "id": "CVE-2007-0328", "lastModified": "2017-07-29T01:30:07.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-01T00:30:00.000", "references": [{"source": "cret@cert.org", "url": "http://osvdb.org/36896"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25501"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32842"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020"}, {"source": "cret@cert.org", "url": "http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html"}, {"source": "cret@cert.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/524681"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2017"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3278"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34660"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}