New Security Vulnerability in FLEXnet Connect

New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007 2008. The vulnerability would enable an attacker to remotely run malicious code on a users machine. The following files are affected:

  • isusweb.dll version 6.1.100.61372
  • ISDM.exe version 6.1.100.61372

Other versions may also be affected.

Sample exploit code is available on the web.

Macrovision has not yet replied to my request for a confirmation of these reports. As a workaround you should set the kill bit for the affected ActiveX controls (see below articles for details).

Setups created with Macrovision's InstallShield often ship the FLEXnet Connect/Update Service client by default, even if the author isn't actually using it. I recommend that you review your setup packages and inform your customers, if your setup installed the vulnerable files on their machines.

[edit 2008-02-25: corrected the date]

Published Sun, Jan 20 2008 13:23 by stefan