OSVDB ID: 38347

Title: Macrovision Update Service ActiveX (isusweb.dll) Unspecified Arbitrary Code Execution

Dates

Disclosure: Oct 30, 2007
Discovery: Oct 08, 2007
Exploit: Unknown
Solution: Unknown

Description

A code execution flaw exists in the Update Service ActiveX control. isusweb.dll fails to validate data passed to several methods, resulting in the download of arbitrary code. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: set the kill-bit on the Update Service ActiveX Control (CLSID {E9880553-B8A7-4960-A668-95C68BED571E}). See Microsoft KB article 240797 for more details.
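
One way to apply and verify the kill-bit workaround above, as an added example that is not part of the original entry or any vendor tooling. It assumes the standard Internet Explorer "ActiveX Compatibility" registry location and the 0x400 "Compatibility Flags" value described in KB 240797, and must be run from an elevated 64-bit PowerShell prompt on 64-bit systems.

```powershell
# Added example: set and verify the IE kill-bit for the CLSID named in this entry.
$Clsid   = '{E9880553-B8A7-4960-A668-95C68BED571E}'
$Name    = 'Compatibility Flags'
$KillBit = 0x400   # flag that stops Internet Explorer from instantiating the control

# Native registry view, plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

$Results = foreach ($Root in $Roots) {
    $Key = Join-Path $Root $Clsid

    # Create the per-CLSID key only if it is missing, so existing values are kept.
    if (-not (Test-Path -Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }

    # Preserve any compatibility flags already present and OR in the kill-bit.
    $Current = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $Current) { $Current = 0 }
    Set-ItemProperty -Path $Key -Name $Name -Value ($Current -bor $KillBit) -Type DWord

    # Read the value back and confirm the bit is actually set.
    $After = (Get-ItemProperty -Path $Key -Name $Name).$Name
    [pscustomobject]@{
        Key        = $Key
        Flags      = '0x{0:X8}' -f $After
        KillBitSet = (($After -band $KillBit) -eq $KillBit)
    }
}

$Results | Format-Table -AutoSize

# Fail loudly so a deployment tool can detect a host where the workaround did not apply.
if ($Results.KillBitSet -contains $false) {
    throw "Kill-bit not set for $Clsid in at least one registry view."
}
```

The same read-back check can be run on its own during an audit to confirm the workaround is still in place after software reinstalls.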

Products

Vendor: Macrovision
Product: Update Service ActiveX
Versions: 5.01.100.47363, 6.0.100.60146

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/38347