Newly found Vulnerabilities
04/01/08:
Macrovision InstallShield ActiveX Vulnerability
We have seen reports of a vulnerability in Macrovision InstallShield. This vulnerability is due to an error in the One-Click Install ActiveX control for InstallScript projects. This ActiveX control is used for loading DLL files. If a user visits a specially crafted website, a maliciously crafted DLL file may be loaded onto the user's system, allowing an attacker to execute arbitrary code.
We encourage users to do the following to help mitigate the risks:
Review Macrovision Knowledge Base article Q113640 and apply the appropriate hotfix.
Set the kill bit for CLSID {53D40FAA-4E21-459f-AA87-E4D97FC3245A}.
Disable ActiveX
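
One way to apply and verify the kill-bit step above. This is an added example, not part of the original advisory or Macrovision's hotfix. It assumes an elevated PowerShell prompt and the standard Internet Explorer "ActiveX Compatibility" registry location; the function names are illustrative.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the CLSID in this advisory.
$Clsid   = '{53D40FAA-4E21-459f-AA87-E4D97FC3245A}'
$KillBit = 0x00000400   # "Compatibility Flags" bit that stops IE from instantiating the control

# Native registry view, plus the 32-bit view read by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$KeyPath)
    # Returns 0 when the key or the value does not exist yet.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'Compatibility Flags'
}

function Set-KillBit {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # OR the bit in so that any flags already set on the control are preserved.
    $new = (Get-CompatFlags $KeyPath) -bor $KillBit
    New-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    # Skip views that are absent (for example, no WOW6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $key = Join-Path $root $Clsid
    Set-KillBit -KeyPath $key

    # Verify by reading the value back from the registry rather than trusting the write.
    $flags = Get-CompatFlags $key
    $isSet = (($flags -band $KillBit) -eq $KillBit)
    '{0}: Compatibility Flags = 0x{1:X8}, kill bit set = {2}' -f $key, $flags, $isSet
}
```

The kill bit only prevents Internet Explorer from loading the control; it does not remove or patch the vulnerable file, so the hotfix is still required.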