 |
Name:
Macrovision.FlexNet.DownloadManager.Arbitrary.File
|
Released Date:
Jan 17 2008
|
Severity:
critical
|
|
|
|
|
|
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates an attempt to exploit one of several file download vulnerabilities in Macrovision FlexNext Connect.
The vulnerabilities can be exploited through the ActiveX Control "MVSNClientDownloadManager61Lib.DownloadManager". An attacker can create a specially crafted web page with an embedded call to the "AddFile()" method, causing a vulnerable host to silently download and execute a file.
|
|
|
|
Impact
|
|
System Compromise.
|
|
|
|
Affected Products
|
|
DownloadManager object ISDM.exe version 6.1.100.61372
|
|
Aliases
|
Macrovision.FlexNet.DownloadManager.Addfile.ActiveX.Access
|
|
References
|
http://www.frsirt.com/english/advisories/2008/0145
http://milw0rm.org/exploits/4909
|
|
Recommended Actions
|
|
We are not aware of any update at this time. As a work around set the kill bit to block this ActiveX Control.
|
|
