TippingPoint Digital Vaccine Laboratories

Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability

TPTI-07-09: June 4th, 2007

CVE ID

Affected Vendors

Affected Products

    Update Service 3.x
    Update Service 4.x
    Update Service 5.x
    FLEXnet Connect 6

TippingPoint™ IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter IDs 4323 and 4327. For further product information on the TippingPoint IPS:

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Macrovision FLEXnet Connect. Exploitation requires the target to visit a malicious web site.

The specific flaw exists within the ActiveX control with CLSID 85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Specifying large values to two specific functions available in this control results in an exploitable stack-based buffer overflow.

The vulnerable functions and parameters are:

* DownloadAndExecute(), second of five parameters
* AddFileEx(), third of seven parameters
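
A host-side check for machines that may still carry the control, added here as an example and not taken from the advisory or from Macrovision: it reports whether the CLSID above is registered and whether the Internet Explorer kill bit (`Compatibility Flags` 0x400 under `ActiveX Compatibility`) is set for it. The kill bit is the standard Windows mechanism rather than something the advisory mentions, and the `-SetKillBit` switch and `Get-ControlStatus` function name are hypothetical.

```powershell
# Added example (not from the advisory): audit, and optionally set, the IE kill bit
# for the CLSID named above. Run from 64-bit PowerShell; -SetKillBit needs elevation.
param([switch]$SetKillBit)      # hypothetical switch name

$Clsid    = '{85A4A99C-8C3D-499E-A386-E0743DFF8FB7}'   # from the advisory
$KillBit  = 0x400               # "Compatibility Flags" bit that blocks loading in IE
$FlagName = 'Compatibility Flags'

# Native view plus the 32-bit view used by 32-bit Internet Explorer on 64-bit Windows.
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

function Get-ControlStatus {
    param([string]$Root)
    $clsidKey  = "$Root\Classes\CLSID\$Clsid"
    $inprocKey = "$clsidKey\InprocServer32"
    $compatKey = "$Root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    $flags = 0
    if (Test-Path -LiteralPath $compatKey) {
        $value = (Get-Item -LiteralPath $compatKey).GetValue($FlagName)
        if ($null -ne $value) { $flags = [int]$value }
    }
    $server = $null
    if (Test-Path -LiteralPath $inprocKey) {
        $server = (Get-Item -LiteralPath $inprocKey).GetValue('')   # DLL path, if registered
    }
    [pscustomobject]@{
        Root       = $Root
        Registered = Test-Path -LiteralPath $clsidKey
        Server     = $server
        Flags      = $flags
        KillBitSet = ($flags -band $KillBit) -ne 0
        CompatKey  = $compatKey
    }
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # no WOW6432Node on 32-bit Windows
    $status = Get-ControlStatus -Root $root
    if ($SetKillBit -and -not $status.KillBitSet) {
        if (-not (Test-Path -LiteralPath $status.CompatKey)) {
            New-Item -Path $status.CompatKey -Force | Out-Null
        }
        # Preserve any flags already present and add the kill bit.
        New-ItemProperty -LiteralPath $status.CompatKey -Name $FlagName `
            -PropertyType DWord -Value ($status.Flags -bor $KillBit) -Force | Out-Null
        $status = Get-ControlStatus -Root $root
    }
    $status
}
```

A row with `Registered` true and `KillBitSet` false marks a host where Internet Explorer can still instantiate the control; the kill bit does not replace the vendor update.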

Vendor Response

Macrovision has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2006-06-22 - Vulnerability reported to vendor
    2007-06-04 - Coordinated public release of advisory

Credit

This vulnerability was discovered by: