CVE-2008-4587

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.

Published: Oct 16, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4587
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
acresso / flexnet_connect	6.1	6.1.x

http://secunia.com/advisories/28496
http://securityreason.com/securityalert/4428
http://www.securityfocus.com/bid/27279
http://www.vupen.com/english/advisories/2008/0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/39653
https://www.exploit-db.com/exploits/4909

Vulnerability Database

290,206

CVE-2008-4587