VYPR
Vendor

Macrovision

Products
9
CVEs
18
Across products
26
Status
Private

Products

9

Recent CVEs

18
  • CVE-2021-47825HigJan 16, 2026
    risk 0.51cvss 7.8epss 0.00

    Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run…

  • CVE-2018-7249HigFeb 26, 2018
    risk 0.46cvss 7.0epss 0.02

    An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free.…

  • CVE-2007-5660Nov 2, 2007
    risk 0.06cvss epss 0.37

    Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.

  • CVE-2008-4587Oct 15, 2008
    risk 0.04cvss epss 0.11

    Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs…

  • CVE-2008-4586Oct 15, 2008
    risk 0.03cvss epss 0.05

    Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.

  • CVE-2007-6654Jan 4, 2008
    risk 0.03cvss epss 0.06

    Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different…

  • CVE-2007-5587Oct 19, 2007
    risk 0.03cvss epss 0.03

    Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges…

  • CVE-2007-0321Feb 23, 2007
    risk 0.01cvss epss 0.07

    Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.

  • CVE-2007-6744Jan 19, 2012
    risk 0.00cvss epss 0.00

    Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an…

  • CVE-2008-2470Sep 18, 2008
    risk 0.00cvss epss 0.05

    The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.

  • CVE-2008-1093Sep 18, 2008
    risk 0.00cvss epss 0.02

    Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

  • CVE-2007-5661Apr 4, 2008
    risk 0.00cvss epss 0.02

    The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

  • CVE-2007-2419Jun 6, 2007
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the…

  • CVE-2007-0328Jun 1, 2007
    risk 0.00cvss epss 0.05

    The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

  • CVE-2007-1009Apr 19, 2007
    risk 0.00cvss epss 0.00

    Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password…

  • CVE-2007-0320Feb 23, 2007
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.

  • CVE-2006-1197Mar 13, 2006
    risk 0.00cvss epss 0.00

    SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program.

  • CVE-2004-2231Dec 31, 2004
    risk 0.00cvss epss 0.00

    Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.