Unsafe update module for Macrovision's InstallShield
iDefense has discovered a vulnerability in Macrovision's software that creates installation packages, InstallShield and FLEXnet. Attackers can exploit the vulnerability to inject and execute arbitrary code without being noticed. The software and the installation packages it creates may set up a flawed ActiveX module as an Update Service and label it "Safe for Scripting", allowing websites to connect to it in Internet Explorer without a warning.
iDefense does not provide any details on this vulnerability in its security advisory, but it is clear that the file isus.web.dll in versions 5.01.100.47363 and 6.0.100.60146 is affected – it is one of the files installed by InstallShield 2008 and FLEXnet SDK. The ActiveX component with the ClassID {E9880553-B8A7-4960-A668-95C68BED571E} is probably used quite often on client computers because it is designed to be used with finished installation packages. Until the software vendor has released an update, users should therefore set the kill bit in the registry. Microsoft provides instructions on how to do so in its knowledgebase.
- Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability, iDefense's security advisory
- Download updates from Macrovision
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
