Jump to content


This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
Photo

FLEXnet Vulnerabilities

Started by Jekyll'n'Hyde , Feb 23 2008 02:20

1 reply to this topic

Jekyll'n'Hyde

Jekyll'n'Hyde
  • Full Members
  • 1 posts

Posted 23 February 2008 - 02:20

There's a typo in Stefan Krueger's blog post about FLEXnet vulnerabilities:

New Security Vulnerability in FLEXnet Connect

QUOTE

New Security Vulnerability in FLEXnet Connect

New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007.


The year should be 2008, I believe.

If it is any consolation, I also reported to Secunia that their links to the original postings in the Full Disclosure archive are off by one when you view the reports there in date order - with luck they'll fix that, too.

The links at Secunia when I posted this were:
http://lists.grok.or...ary/059611.html
http://lists.grok.or...ary/059636.html

The correct links are:
http://lists.grok.or...ary/059602.html
http://lists.grok.or...ary/059607.html

Has anyone got any extra information on older versions that might be vulnerable (or might not)? The reports indicate that some of the problems are structural or design issues. The Secunia report mentions that it removed some entries from an extensive list of versions; the SecWatch.org entry lists a lot of versions, so I suspect they've not done the clean up Secunia did. But I've not located any extra information - have you?


Just a new, very occasionally visiting, fussy pest,
Jekyll'n'Hyde

Stefan Krueger

Stefan Krueger

    InstallSite.org

  • Administrators
  • 13,269 posts

Posted 25 February 2008 - 15:48

QUOTE
The year should be 2008, I believe.

Thanks for spotting this. I've corrected the date.

Unfortunately I don't have any additional information. Macrovision did not reply to my request for more information when I contacted them in January.

Stefan Krüger
InstallSite.org  twitter  facebook

HOWTO: Logging an MSI installation

Read this before sending me e-mail or private messages

Back to "InstallScript" Projects in InstallShield X and above
  1. InstallSite Forum
  2. ENGLISH : General
  3. InstallShield InstallScript projects (non-MSI)
  4. "InstallScript" Projects in InstallShield X and above
  5. Datenschutzerklärung/Privacy Policy
  6. Impressum/Imprint ·