CVE-2007-0328

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

Published: Jun 1, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0328
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
macrovision / update_service	3.0	3.0.x
macrovision / update_service	5.0	5.0.x
macrovision / flexnet_connect	6.0	6.0.x
macrovision / update_service	4.0	4.0.x

http://osvdb.org/36896
http://secunia.com/advisories/25501
http://secunia.com/advisories/32842
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
http://www.kb.cert.org/vuls/id/524681
http://www.vupen.com/english/advisories/2007/2017
http://www.vupen.com/english/advisories/2008/3278
https://exchange.xforce.ibmcloud.com/vulnerabilities/34660

Vulnerability Database

290,206

CVE-2007-0328