2 More 3rd-Party ActiveX Flaws (Macrovision/InstallShield)

Looks like I missed two ActiveX flaws from last week when I did the ActiveX roundup. CERT also published two vulnerability notes covering products from Macrovision (formerly InstallShield, which Macrovision acquired).

VU#847993 is for Macrovision FLEXnet Connect. There is a buffer overflow in the Download() function of the Update Service Agent ActiveX control in isusweb.dll. The note says the control is included in some InstallShield/Macrovision installers. (So the vulnerable control is probably shipped inside other products as well.) The killbit to set to mitigate this threat is

{E9880553-B8A7-4960-A668-95C68BED571E}.

At this time there does not appear to be any patch available for this vulnerability, so if you know you are running one of those products, make sure to read how to apply the killbits; otherwise you will be vulnerable to exploitation.

VU#181041 says that there are multiple buffer overflows in the InstallFromTheWeb product from InstallShield/Macrovision. As you might guess by the name, this is a web-based software installation program. ;) The killbit to set for this one is

{4E330863-6A11-11D0-BFD8-006097237877}

and again there is no patch available at this time. It is also noted that InstallFromTheWeb is no longer supported by Macrovision, so it's unclear whether any patch is forthcoming. The note recommends deleting npiftw32.dll as an alternative solution, but it's not clear why that would be better than simply setting the killbit.
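Since both notes come down to the same mitigation, here is an added example (not from CERT or Macrovision) that sets and verifies the kill bit for the two CLSIDs above using the documented "Compatibility Flags" registry mechanism. It assumes an elevated PowerShell session and covers the Wow6432Node hive so 32-bit Internet Explorer on 64-bit Windows is handled too.

```powershell
# Added example: set and verify the IE kill bit (Compatibility Flags = 0x400)
# for the two CLSIDs named in VU#847993 and VU#181041. Run from an elevated shell.
$KillBit = 0x400
$Clsids = @(
    '{E9880553-B8A7-4960-A668-95C68BED571E}',  # FLEXnet Connect Update Service Agent (VU#847993)
    '{4E330863-6A11-11D0-BFD8-006097237877}'   # InstallFromTheWeb (VU#181041)
)

# Native hive, plus the WOW6432Node hive on 64-bit Windows for 32-bit IE.
$Bases = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $Bases += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = "$Base\$Clsid"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    # OR the kill bit in so any compatibility flags already present are preserved.
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

function Test-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = "$Base\$Clsid"
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

foreach ($base in $Bases) {
    foreach ($clsid in $Clsids) {
        Set-KillBit -Base $base -Clsid $clsid
        $state = if (Test-KillBit -Base $base -Clsid $clsid) { 'kill bit set' } else { 'NOT SET' }
        Write-Output "$clsid under $base : $state"
    }
}
```

The Test-KillBit function can be run on its own to audit machines where the bit should already be set, since the kill bit only works if it is present in the hive the running IE instance actually reads.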