CVE-2008-1093

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

Published: Sep 18, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1093
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
acresso / flexnet_connect	-	-
acresso / intallshield_update_agent	-	-

http://secunia.com/advisories/31896
http://securityreason.com/securityalert/4268
http://www.kb.cert.org/vuls/id/837092
http://www.securityfocus.com/archive/1/496389/100/0/threaded
http://www.securityfocus.com/bid/31204
http://www.securitytracker.com/id?1020893
http://www.simplicity.net/vuln/CVE-2008-1093.txt
http://www.vupen.com/english/advisories/2008/2613

Vulnerability Database

290,018

CVE-2008-1093