AnsweredAssumed Answered

QID: 115960 Macrovision InstallShield FLEXnet Connect ActiveX Control Buffer Overflow Vulnerability

Question asked by Jeff Prater on Jan 25, 2013
Latest reply on Jan 28, 2013 by Jeff Prater

Out of our 160 machines, we have 5 that have vulnerability identified by Qualys:

 

QID: 115960

Severity: 4

Description: Macrovision InstallShield FLEXnet Connect ActiveX Control Buffer Overflow Vulnerability

Threat: InstallShield FLEXnet Connect is vulnerable to an issue caused by a memory corruption error. The issue occurs when the InstallShield Update Service Agent (isusweb.dll) ActiveX control calls the "ExecuteRemote()" method using a URL that causes the Web server to return a 404 error.

Solution: The vendor has released a patch for FLEXnet Connect Version 6.0. See the Acresso Software Web site (http://www.acresso.com/products/installation/flexnet_connect.htm) for information on patching.

 

Results:

%ProgramFiles%\Common Files\InstallShield\UpdateService\agent.exe found

%ProgramFiles%\Common Files\InstallShield\UpdateService\agent.exe Version is 3.0.100.1165

 

For starters, the page referenced in the solution no longer works. I found this KB article on Flexera website about uninstalling (with the uninstaller executable), but it doesn't seem to unininstall the updater--just update job entries.

 

Anyone know how I can get rid of this vulnerability? All of our computers have the same software installed--I can't figure out why only these 5 have this vulnerability and others don't. Thanks!

Outcomes