Macrovision
Products
9- 8 CVEs
- 5 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47825 | Hig | 0.51 | 7.8 | 0.00 | Jan 16, 2026 | Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run… | ||
| CVE-2018-7249 | Hig | 0.46 | 7.0 | 0.02 | Feb 26, 2018 | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free.… | ||
| CVE-2007-5660 | 0.06 | — | 0.37 | Nov 2, 2007 | Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow. | |||
| CVE-2008-4587 | 0.04 | — | 0.11 | Oct 15, 2008 | Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs… | |||
| CVE-2008-4586 | 0.03 | — | 0.05 | Oct 15, 2008 | Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method. | |||
| CVE-2007-6654 | 0.03 | — | 0.06 | Jan 4, 2008 | Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different… | |||
| CVE-2007-5587 | 0.03 | — | 0.03 | Oct 19, 2007 | Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges… | |||
| CVE-2007-0321 | 0.01 | — | 0.07 | Feb 23, 2007 | Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method. | |||
| CVE-2007-6744 | 0.00 | — | 0.00 | Jan 19, 2012 | Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an… | |||
| CVE-2008-2470 | 0.00 | — | 0.05 | Sep 18, 2008 | The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response. | |||
| CVE-2008-1093 | 0.00 | — | 0.02 | Sep 18, 2008 | Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules. | |||
| CVE-2007-5661 | 0.00 | — | 0.02 | Apr 4, 2008 | The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine. | |||
| CVE-2007-2419 | 0.00 | — | 0.06 | Jun 6, 2007 | Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the… | |||
| CVE-2007-0328 | 0.00 | — | 0.05 | Jun 1, 2007 | The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method. | |||
| CVE-2007-1009 | 0.00 | — | 0.00 | Apr 19, 2007 | Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password… | |||
| CVE-2007-0320 | 0.00 | — | 0.05 | Feb 23, 2007 | Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents. | |||
| CVE-2006-1197 | 0.00 | — | 0.00 | Mar 13, 2006 | SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. | |||
| CVE-2004-2231 | 0.00 | — | 0.00 | Dec 31, 2004 | Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. |
- risk 0.51cvss 7.8epss 0.00
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run…
- risk 0.46cvss 7.0epss 0.02
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free.…
- CVE-2007-5660Nov 2, 2007risk 0.06cvss —epss 0.37
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
- CVE-2008-4587Oct 15, 2008risk 0.04cvss —epss 0.11
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs…
- CVE-2008-4586Oct 15, 2008risk 0.03cvss —epss 0.05
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.
- CVE-2007-6654Jan 4, 2008risk 0.03cvss —epss 0.06
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different…
- CVE-2007-5587Oct 19, 2007risk 0.03cvss —epss 0.03
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges…
- CVE-2007-0321Feb 23, 2007risk 0.01cvss —epss 0.07
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
- CVE-2007-6744Jan 19, 2012risk 0.00cvss —epss 0.00
Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an…
- CVE-2008-2470Sep 18, 2008risk 0.00cvss —epss 0.05
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.
- CVE-2008-1093Sep 18, 2008risk 0.00cvss —epss 0.02
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
- CVE-2007-5661Apr 4, 2008risk 0.00cvss —epss 0.02
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
- CVE-2007-2419Jun 6, 2007risk 0.00cvss —epss 0.06
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the…
- CVE-2007-0328Jun 1, 2007risk 0.00cvss —epss 0.05
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
- CVE-2007-1009Apr 19, 2007risk 0.00cvss —epss 0.00
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password…
- CVE-2007-0320Feb 23, 2007risk 0.00cvss —epss 0.05
Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.
- CVE-2006-1197Mar 13, 2006risk 0.00cvss —epss 0.00
SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program.
- CVE-2004-2231Dec 31, 2004risk 0.00cvss —epss 0.00
Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.