On May 30 VMware Inc. announced updates to VMware Workstation, VMware Player, VMware ACE and VMware Fusion to resolve critical security issues. A heap buffer overflow could allow a process to break out of the guest VM and execute code on the host. In the Windows versions there's an additional vulnerability...
A security vulnerability has been reported in the One-Click Install ActiveX control in InstallShield 12. The problem only exists in the InstallScript project type; Basic MSI and InstallScript MSI are not affected. The vulnerability only exists in InstallShield version 12. A fix is available. If you are...
New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007 2008. The vulnerability would enable an attacker to remotely run malicious code on a users machine. The following files are affected:...
Some additional information about the recently reported security vulnerability in FLEXnet Connect: According to Secunia the vulnerability is reported in versions 5.01.100.47363 and 6.0.100.60146 of the Update Service ActiveX control (isusweb.dll), but other versions may also be affected. It is recommended...
Today, Macrovision Corp. notified customers of FLEXnet Connect® (formerly called InstallShield Update Service) of a security vulnerability in the FLEXnet Connect client version 6.0. Customers using the FLEXnet Connect functionality that is bundled with some editions of InstallShield and AdminStudio are...
VMware has published critical security updates for VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player. The updates fix several problems, including vulnerabilities that could allow a malicious program to break out of the virtual machine and attack the host computer. VMware...
Updated information about the recent security vulnerability reports in Macrovision's FLEXnet Connect and InstallShield Update Service products: Product manager Trent Wheeler told me they are currently in the process of rolling out the fix for the two problems reported by US-CERT to customers of InstallShield...
On June 4th TippingPoint, a provider of network-based intrusion prevention systems, reported a new buffer overflow vulnerability that affects Macrovision FLEXnet Connect version 6 and InstallShield Update Service versions 3-5. TippingPoint Vulnerability Report What puzzles me is the CLSID of the vulnerable...
While doing some research on the security vulnerability in FLEXnet Connect and InstallShield Update Service I checked several versions of the agent.exe redistributable and it seems that it's using different CLSIDs in each release. The US-CERT advisory recommends setting the kill-bit for the control...
The United States Computer Emergency Readiness Team (US-CERT) reports a newly found security vulnerability in Macrovision's FLEXnet Connect. It also affects end user machines where the update agent has been installed, which many setups created with InstallShield do by default. FLEXnet Connect includes...