← Back

CVE-2007-5661

nvd nist
Published: Apr 4, 2008Modified: Aug 1, 2025

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

Affected (6)

Revenera
1 product
Installshield
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Revenera
Installshield
Before 12
Installshield
Before 12
Installshield
Version 12
Installshield
Version 12
Installshield
Version 12 sp1
Installshield
Version 12 sp1

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (14)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.