There's a typo in Stefan Krueger's blog post about FLEXnet vulnerabilities:
New Security Vulnerability in FLEXnet Connect
This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
FLEXnet Vulnerabilities
Started by
Jekyll'n'Hyde
, Feb 23 2008 02:20
1 reply to this topic
Posted 23 February 2008 - 02:20
QUOTE |
New Security Vulnerability in FLEXnet Connect New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007. |
The year should be 2008, I believe.
If it is any consolation, I also reported to Secunia that their links to the original postings in the Full Disclosure archive are off by one when you view the reports there in date order - with luck they'll fix that, too.
The links at Secunia when I posted this were:
http://lists.grok.or...ary/059611.html
http://lists.grok.or...ary/059636.html
The correct links are:
http://lists.grok.or...ary/059602.html
http://lists.grok.or...ary/059607.html
Has anyone got any extra information on older versions that might be vulnerable (or might not)? The reports indicate that some of the problems are structural or design issues. The Secunia report mentions that it removed some entries from an extensive list of versions; the SecWatch.org entry lists a lot of versions, so I suspect they've not done the clean up Secunia did. But I've not located any extra information - have you?
Just a new, very occasionally visiting, fussy pest,
Jekyll'n'Hyde
Posted 25 February 2008 - 15:48
QUOTE |
The year should be 2008, I believe. |
Thanks for spotting this. I've corrected the date.
Unfortunately I don't have any additional information. Macrovision did not reply to my request for more information when I contacted them in January.
Stefan Krüger
InstallSite.org twitter facebook