Описание
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-1093
- http://secunia.com/advisories/31896
- http://securityreason.com/securityalert/4268
- http://www.kb.cert.org/vuls/id/837092
- http://www.securityfocus.com/archive/1/496389/100/0/threaded
- http://www.securityfocus.com/bid/31204
- http://www.securitytracker.com/id?1020893
- http://www.simplicity.net/vuln/CVE-2008-1093.txt
- http://www.vupen.com/english/advisories/2008/2613
Связанные уязвимости
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.