HTTP: Macrovision InstallShield Isusweb.dll ActiveX
This signature detects attempts to exploit a known vulnerability against Macrovision Installshield Update Service. An attacker could create a malicious Web site containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
InstallShield Update Service is prone to multiple remote code-execution vulnerabilities because it fails to adequately sanitize user-supplied data. Successfully exploiting these issues will allow an attacker to execute arbitrary code with the permissions of the user running the application. These issues affect InstallShield Update Service 5.01.100.47363 and 6.0.100.60146.
Affected Products
Macrovision update_service
Short Name
HTTP:STC:ACTIVEX:ISUSWEB
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-5660 CVE-2007-6654 CVE-2008-2470 InstallShield Isusweb.dll Macrovision bid:26280 bid:27013 bid:31235
Release Date
11/12/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Macrovision
CVSS Score
9.3