CVE-2007-5661

InstallShield < 12 SP2 - Remote Code Execution via Unvalidated DLL Parameter

Title source: llm

Description

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

References (7)

Core References
Not Applicable vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019735
Third Party Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28533
Not Applicable third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29549
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1049

Scores

EPSS 0.0225
EPSS Percentile 80.7%

Details

CWE CWE-94
Status published
Products (2)
revenera/installshield 12 (4 CPE variants)
revenera/installshield < 12 (2 CPE variants)
Published Apr 04, 2008
Tracked Since Feb 18, 2026