Macrovision.FLEXnet.DownloadManager.Arbitrary.File.Download
Description
This indicates an attempt to exploit one of several file download vulnerabilities in Macrovision FlexNext Connect.
The vulnerabilities can be exploited through the ActiveX Control "MVSNClientDownloadManager61Lib.DownloadManager". An attacker can create a specially crafted web page with an embedded call to the "AddFile()" method, causing a vulnerable host to silently download and execute a file.
Affected Products
DownloadManager object ISDM.exe version 6.1.100.61372
Impact
System Compromise.
Recommended Actions
We are not aware of any update at this time. As a work around set the kill bit to block this ActiveX Control.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-22 | 15.729 | Name:Macrovision. FlexNet. DownloadManager. Arbitrary. File. Download:Macrovision. FLEXnet. DownloadManager. Arbitrary. File. Download |