Описание
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Patch
- PatchUS Government Resource
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- PatchUS Government Resource
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04151
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
EPSS
Процентиль: 88%
0.04151
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other