Back to search
CVE-2008-1093
Published: Sep 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.simplicity.net/vuln/CVE-2008-1093.txt
x_refsource_MISC
ADV-2008-2613
vdb-entry
x_refsource_VUPEN
31896
third-party-advisory
x_refsource_SECUNIA
31204
vdb-entry
x_refsource_BID
20080916 InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.
mailing-list
x_refsource_BUGTRAQ
4268
third-party-advisory
x_refsource_SREASON
VU#837092
third-party-advisory
x_refsource_CERT-VN
1020893
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now