CVE-2008-4587

EUVD-2008-4567
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods.  NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
acressoflexnet_connect
6.1
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/28496
http://securityreason.com/securityalert/4428
http://www.securityfocus.com/bid/27279
http://www.vupen.com/english/advisories/2008/0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/39653
https://www.exploit-db.com/exploits/4909
http://secunia.com/advisories/28496
http://securityreason.com/securityalert/4428
http://www.securityfocus.com/bid/27279
http://www.vupen.com/english/advisories/2008/0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/39653
https://www.exploit-db.com/exploits/4909