G08-4wm01
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2008
Description
A memory corruption vulnerability exists in Macrovision InstallShield Update Service ActiveX control implemented in isusweb.dll. The vulnerability is due to a design error while processing calls to a method of the ActiveX control. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious webpage, potentially allowing arbitrary code to be injected and executed in the security context of the currently logged in user. An attack targeting this vulnerability can result in the execution of arbitrary code. If code execution is successful, the behavior of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, the invalid memory access exception is handled by Internet Explorer and it does not terminate.