CVE-2007-5661

critical

Description

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41558

http://www.vupen.com/english/advisories/2008/1049

http://www.securityfocus.com/bid/28533

http://securitytracker.com/id?1019735

http://secunia.com/advisories/29549

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649

http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640

Details

Source: Mitre, NVD

Published: 2008-04-04

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01556