CVE-2008-4587

Macrovision FLEXnet Connect 6.1 - Code Injection

Title source: llm

Description

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/4909

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0145

[Vendor Advisory] http://secunia.com/advisories/28496

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39653

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27279

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4909

[Third Party Advisory] http://securityreason.com/securityalert/4428

Scores

EPSS 0.0890

EPSS Percentile 92.6%

Details

Status published

Products (1)

acresso/flexnet_connect 6.1

Published Oct 15, 2008

Tracked Since Feb 18, 2026