Описание
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
Ссылки
- Patch
- Not Applicable
- PatchVendor Advisory
- Not Applicable
- Patch
- Not Applicable
- Third Party Advisory
- Patch
- Not Applicable
- PatchVendor Advisory
- Not Applicable
- Patch
- Not Applicable
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12 (исключая)Версия до 12 (исключая)
Одно из
cpe:2.3:a:revenera:installshield:*:-:*:*:premier:*:*:*
cpe:2.3:a:revenera:installshield:*:-:*:*:professional:*:*:*
cpe:2.3:a:revenera:installshield:12:-:*:*:premier:*:*:*
cpe:2.3:a:revenera:installshield:12:-:*:*:professional:*:*:*
cpe:2.3:a:revenera:installshield:12:sp1:*:*:premier:*:*:*
cpe:2.3:a:revenera:installshield:12:sp1:*:*:professional:*:*:*
EPSS
Процентиль: 83%
0.01868
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
EPSS
Процентиль: 83%
0.01868
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94