A security vulnerability has been reported in the One-Click Install ActiveX control in InstallShield 12. The problem only exists in the InstallScript project type; Basic MSI and InstallScript MSI are not affected. The vulnerability only exists in InstallShield version 12. A fix is available. If you are...
New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007 2008. The vulnerability would enable an attacker to remotely run malicious code on a users machine. The following files are affected:...
Some additional information about the recently reported security vulnerability in FLEXnet Connect: According to Secunia the vulnerability is reported in versions 5.01.100.47363 and 6.0.100.60146 of the Update Service ActiveX control (isusweb.dll), but other versions may also be affected. It is recommended...
Today, Macrovision Corp. notified customers of FLEXnet Connect® (formerly called InstallShield Update Service) of a security vulnerability in the FLEXnet Connect client version 6.0. Customers using the FLEXnet Connect functionality that is bundled with some editions of InstallShield and AdminStudio are...
Updated information about the recent security vulnerability reports in Macrovision's FLEXnet Connect and InstallShield Update Service products: Product manager Trent Wheeler told me they are currently in the process of rolling out the fix for the two problems reported by US-CERT to customers of InstallShield...
On June 4th TippingPoint, a provider of network-based intrusion prevention systems, reported a new buffer overflow vulnerability that affects Macrovision FLEXnet Connect version 6 and InstallShield Update Service versions 3-5. TippingPoint Vulnerability Report What puzzles me is the CLSID of the vulnerable...
While doing some research on the security vulnerability in FLEXnet Connect and InstallShield Update Service I checked several versions of the agent.exe redistributable and it seems that it's using different CLSIDs in each release. The US-CERT advisory recommends setting the kill-bit for the control...
The United States Computer Emergency Readiness Team (US-CERT) reports a newly found security vulnerability in Macrovision's FLEXnet Connect. It also affects end user machines where the update agent has been installed, which many setups created with InstallShield do by default. FLEXnet Connect includes...
The United States Computer Emergency Readiness Team (US-CERT) reported critical security vulnerabilities in two ActiveX controls and a Netscape plug-in that InstallShield/Macrovision products install on end user machines. According to the reports the vulnerabilities can be exploited execute arbitrary...