CVE-2007-5660

MacroVision FLEXnet Connect and InstallShield 2008 - Remote Code Execution via Update Service ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2007-5660. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/macrovision_downloadandexecute.

AI-analyzed exploit summary This Metasploit module exploits an unsafe ActiveX method in Macrovision InstallShield 2008 via a malicious HTML page. It leverages the `DownloadAndExecute` method to fetch and execute a payload from a remote server.

Description

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16602

This Metasploit module exploits an unsafe ActiveX method in Macrovision InstallShield 2008 via a malicious HTML page. It leverages the `DownloadAndExecute` method to fetch and execute a payload from a remote server.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Macrovision InstallShield 2008
No auth needed
Prerequisites: Victim must visit a malicious webpage · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16573

This exploit targets a stack buffer overflow in Macrovision InstallShield Update Service (Isusweb.dll 6.0.100.54472) via an overly long ProductCode string in the DownloadAndExecute method. It delivers a payload through a malicious HTML page with embedded JavaScript to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Macrovision InstallShield Update Service (Isusweb.dll 6.0.100.54472)
No auth needed
Prerequisites: Target must have the vulnerable version of Macrovision InstallShield Update Service installed · Target must visit a malicious webpage or be directed to it
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/macrovision_downloadandexecute.rb

This Metasploit module exploits a stack buffer overflow in Macrovision InstallShield Update Service (Isusweb.dll 6.0.100.54472) via an overly long ProductCode string in the DownloadAndExecute method. It delivers a payload through a malicious HTML page with embedded JavaScript to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Macrovision InstallShield Update Service (Isusweb.dll 6.0.100.54472)
No auth needed
Prerequisites: Target must have the vulnerable version of Macrovision InstallShield Update Service installed · Target must visit a malicious webpage or be directed to it
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/macrovision_unsafe.rb

This Metasploit module exploits an unsafe ActiveX method in Macrovision InstallShield Update Service, allowing remote code execution via crafted HTML content. It leverages the `DownloadAndExecute` method to fetch and execute a malicious payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Macrovision InstallShield 2008
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a crafted HTML file · ActiveX controls must be enabled in the victim's browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (10)

Core 10
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27475
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38347
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3670
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018881
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26280
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38210

Scores

EPSS 0.3662
EPSS Percentile 98.3%

Details

Status published
Products (7)
macrovision/flexnet_connect
macrovision/installshield_2008
macrovision/update_service 3.0
macrovision/update_service 4.0
macrovision/update_service 5.0
macrovision/update_service 5.1.100_47363
macrovision/update_service 6.0.100_60146
Published Nov 02, 2007
Tracked Since Feb 18, 2026