Macrovision.FLEXnet.DownloadManager.Arbitrary.File.Download

description-logoDescription

This indicates an attempt to exploit one of several file download vulnerabilities in Macrovision FlexNext Connect.
The vulnerabilities can be exploited through the ActiveX Control "MVSNClientDownloadManager61Lib.DownloadManager". An attacker can create a specially crafted web page with an embedded call to the "AddFile()" method, causing a vulnerable host to silently download and execute a file.

affected-products-logoAffected Products

DownloadManager object ISDM.exe version 6.1.100.61372

Impact logoImpact

System Compromise.

recomended-action-logoRecommended Actions

We are not aware of any update at this time. As a work around set the kill bit to block this ActiveX Control.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-11-22 15.729 Name:Macrovision.
FlexNet.
DownloadManager.
Arbitrary.
File.
Download:Macrovision.
FLEXnet.
DownloadManager.
Arbitrary.
File.
Download