CVE-2007-5661
InstallShield < 12 SP2 - Remote Code Execution via Unvalidated DLL Parameter
Title source: llmDescription
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
References (7)
Core 7
Core References
Not Applicable vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019735
Patch x_refsource_confirm
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
Third Party Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28533
Not Applicable third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29549
Not Applicable vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1049
Scores
EPSS
0.0225
EPSS Percentile
80.7%
Details
CWE
CWE-94
Status
published
Products (2)
revenera/installshield
12 (4 CPE variants)
revenera/installshield
< 12 (2 CPE variants)
Published
Apr 04, 2008
Tracked Since
Feb 18, 2026