CVE-2008-1093 in Acresso Intallshield Update Agentinfo

Summary

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

Reservation

02/28/2008

Disclosure

09/18/2008

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
44071	Acresso Intallshield Update Agent GetRules.asp code injection	94	Proof-of-Concept	Not defined	CVE-2008-1093

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!