lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 15 Jan 2008 16:16:43 +0000
From: "Elazar Broad" <>
To: <>
Subject: Re: Macrovision FlexNet Connect DownloadManager
	Insecure Methods

Forget downloading files to the startup directory, it looks like 
Macrovision still hasn't fixed the DownloadAndExecute() method of 
isusweb.dll. I believe that this issue is similar to this one: someone from iDefense 
could confirm that?), just that this is a different classid and a 
newer version of isusweb(different framework too?).

isusweb.dll version,Macrovision FLEXnet Connect Web 
Digitally signed March 29th, 2007

Exploit code is(will be) on Milw0rm, exploiting this is pretty self 
explanatory though...


On Mon, 14 Jan 2008 19:51:22 +0000 Elazar Broad 
<> wrote:
>Macrovision FlexNext Connect is a software package that allows 
>ISV's to update their software products. It is generally used in 
>conjunction with the InstallShield software deploymnet framework.
>FlexNet uses a number of ActiveX controls, some of which are 
>safe for scripting, in this case, the DownloadManager object:
>ISDM.exe version
> IObjectSafety:
> IO. Safe for scripting (IDispatch)
>This control contains several methods which can be used to 
>download arbitrary files to the system and possibly overwrite 
>in the context of the user.
>Set the killbit for this control and the Basket control(see 
>The Basket object {1DF951B1-8D40-4894-A04C-66AD824A0EEF} of 
>isusweb.dll can be used in a similar manner to download and 
>files on a system via the ISDM scheduling framework, however, it 
>does so visibly.
>I understand that some of this functionality is by design, 
>there should be some validation in place to verify that the files 
>that are being downloaded are indeed from a trusted source and are 
>Click here and choose from thousands of high quality used cars.
>updates to packages that are actually installed on the system.    
>Full-Disclosure - We believe in it.

Enhance your home's curb appeal with name brand shutters. Click now.
>Hosted and sponsored by Secunia -

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists