Unrated severityNVD Advisory· Published Apr 19, 2007· Updated Apr 23, 2026

CVE-2007-1009

Description

Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.

Affected products

Macrovision/Installanywhere2 versions
cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:*+ 1 more
- cpe:2.3:a:macrovision:installanywhere:8:*:enterprise:*:*:*:*:*
- cpe:2.3:a:macrovision:installanywhere:8:*:standard:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/22643nvdPatch
www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txtnvdVendor Advisory
securityreason.com/securityalert/2596nvd
www.securityfocus.com/archive/1/466035/100/0/threadednvd
www.vupen.com/english/advisories/2007/1433nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000