
Why UAC isn’t a security boundary, and how auto-elevation works on Windows 7

Mark Russinovich (of SysInternals fame and now employed as a Technical Fellow at Microsoft) has published an interesting article about User Account Control (UAC) in the July issue of TechNet Magazine. He discusses the goal of UAC, why it could be circumvented...

FLEXnet Connect 6.1 Security Update

Acresso has published a fix for a security issue in FLEXnet Connect (previously called InstallShield Update Service) that was reported in September 2008. The problem was that FLEXnet Connect used an unauthenticated HTTP connection to download and execute...
Posted by stefan | with no comments

Security Vulnerability in FLEXnet Connect / InstallShield Update Service

When checking for updates, the FLEXnet Connect client (and its previous versions named InstallShield Update Service) can download and execute scripts from the update server. The problem is that these scripts are downloaded via HTTP, so the identity...

VMware Update fixes Security Vulnerabilities

On May 30 VMware Inc. announced updates to VMware Workstation, VMware Player, VMware ACE and VMware Fusion to resolve critical security issues. A heap buffer overflow could allow a process to break out of the guest VM and execute code on the host. In...

One-Click Install (OCI) Security Vulnerability in InstallShield 12

A security vulnerability has been reported in the One-Click Install ActiveX control in InstallShield 12. The problem only exists in the InstallScript project type; Basic MSI and InstallScript MSI are not affected. The vulnerability only exists in InstallShield...

New Security Vulnerability in FLEXnet Connect

New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007 2008. The vulnerability would enable an attacker to remotely run malicious code on a...

More on the security patch for FLEXnet Connect

Some additional information about the recently reported security vulnerability in FLEXnet Connect: According to Secunia the vulnerability is reported in versions 5.01.100.47363 and 6.0.100.60146 of the Update Service ActiveX control (isusweb.dll), but...

Security patch for FLEXnet Connect

Today, Macrovision Corp. notified customers of FLEXnet Connect® (formerly called InstallShield Update Service) of a security vulnerability in the FLEXnet Connect client version 6.0. Customers using the FLEXnet Connect functionality that is bundled with...

Security Update for VMware Products

VMware has published critical security updates for VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player. The updates fix several problems, including vulnerabilities that could allow a malicious program to break out of the...

Macrovision preparing end-user patch for FLEXnet Connect/Update Service security issues

Updated information about the recent security vulnerability reports in Macrovision's FLEXnet Connect and InstallShield Update Service products: Product manager Trent Wheeler told me they are currently in the process of rolling out the fix for the...

Doubts about yet another FLEXnet Connect/InstallShield Update Service vulnerability report

On June 4th TippingPoint, a provider of network-based intrusion prevention systems, reported a new buffer overflow vulnerability that affects Macrovision FLEXnet Connect version 6 and InstallShield Update Service versions 3-5. TippingPoint Vulnerability...

Update on the FLEXnet Connect/InstallShield Update Service vulnerability

While doing some research on the security vulnerability in FLEXnet Connect and InstallShield Update Service I checked several versions of the agent.exe redistributable and it seems that it's using different CLSIDs in each release. The US-CERT advisory...

Security vulnerability in FLEXnet Connect/InstallShield Update Service end user ActiveX control (reported May 31, 2007)

The United States Computer Emergency Readiness Team (US-CERT) reports a newly found security vulnerability in Macrovision's FLEXnet Connect. It also affects end user machines where the update agent has been installed, which many setups created with...

Security Update for VMware Workstation 5.5

A security vulnerability has been identified in VMware Workstation version 5.5: A program which is running in the virtual guest operating system could read and write arbitrary files on the physical host computer. The vulnerability has been fixed in VMware...

Security Vulnerabilities in InstallShield Runtime Files on End User Machines

The United States Computer Emergency Readiness Team (US-CERT) reported critical security vulnerabilities in two ActiveX controls and a Netscape plug-in that InstallShield/Macrovision products install on end user machines. According to the reports the...