CVE-2007-2419

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

Published: Jun 6, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2419
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
macrovision / update_service	3.0	3.0.x
macrovision / update_service	5.0	5.0.x
macrovision / flexnet_connect	6.0	6.0.x
macrovision / update_service	4.0	4.0.x

http://dvlabs.tippingpoint.com/advisory/TPTI-07-09
http://osvdb.org/36983
http://secunia.com/advisories/25509
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://www.securityfocus.com/archive/1/470585/100/0/threaded
http://www.securitytracker.com/id?1018195
http://www.vupen.com/english/advisories/2007/2070
https://exchange.xforce.ibmcloud.com/vulnerabilities/34721

Vulnerability Database

290,206

CVE-2007-2419