In association with heise online

01 November 2007, 11:21

Unsafe update module for Macrovision's InstallShield

iDefense has discovered a vulnerability in InstallShield and FLEXnet, Macrovision's software for creating installation packages. Attackers can exploit the vulnerability to inject and execute arbitrary code without being noticed. The software and the installation packages it creates may set up a flawed ActiveX module as an Update Service and label it "Safe for Scripting", allowing websites to connect to it in Internet Explorer without a warning.

iDefense does not provide any details on this vulnerability in its security advisory, but it is clear that the file isus.web.dll in versions and is affected – it is one of the files installed by InstallShield 2008 and FLEXnet SDK. The ActiveX component with the ClassID {E9880553-B8A7-4960-A668-95C68BED571E} is probably used quite often on client computers because it is designed to be used with finished installation packages. Until the software vendor has released an update, users should therefore set the kill bit in the registry. Microsoft provides instructions on how to do so in its knowledgebase.
