CVE-2008-4587

Macrovision FLEXnet Connect 6.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4587. PoCs published by Elazar.

AI-analyzed exploit summary This exploit leverages insecure methods in Macrovision FlexNet DownloadManager to download and execute an arbitrary file. It uses the ActiveX control with CLSID FCED4482-7CCB-4E6F-86C9-DCB22B52843C to schedule and run a job that fetches a malicious executable from a remote server and places it in the Startup folder.

Description

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/4909

View Code ZIP pw:eip

This exploit leverages insecure methods in Macrovision FlexNet DownloadManager to download and execute an arbitrary file. It uses the ActiveX control with CLSID FCED4482-7CCB-4E6F-86C9-DCB22B52843C to schedule and run a job that fetches a malicious executable from a remote server and places it in the Startup folder.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Macrovision FlexNet DownloadManager version 6.1.100.61372

No auth needed

Prerequisites: Victim must visit the malicious webpage using Internet Explorer · ActiveX controls must be enabled

MITRE ATT&CK